Senior Engineer, Security (AppSec)

Job Description

What You'll Be Doing

Application & Cloud Security Engineering 

Design, implement, and maintain application security controls across Arcadia’s cloud-native SaaS platform

Partner with Product and Engineering teams to embed security into system design, development workflows, and CI/CD pipelines

Conduct threat modeling, architecture reviews, and secure design assessments for new and existing services

Own and improve vulnerability management processes, including identification, prioritization, and remediation tracking

Implement and maintain security tooling such as SAST, DAST, dependency scanning, container scanning, and secrets detection

Detection, Response & Threat Analysis

Participate in security incident response activities including detection, investigation, containment, and remediation

Monitor and analyze logs, alerts, and security events to identify suspicious activity and emerging threats

Contribute to detection engineering by tuning alerts, improving signal quality, and reducing noise

Support threat intelligence analysis and apply insights to improve preventive and detective controls

Perform post-incident analysis and recommend technical and process improvements

Security Automation & Engineering Excellence

Build security-as-code solutions to automate control enforcement, validation, and remediation

Use scripting and automation to reduce manual effort and improve consistency

Support secure AWS architecture using services such as EKS, ECS, Lambda, IAM, and VPC

Contribute to identity and access management best practices across AWS, Okta/Auth0, and SaaS platforms

Compliance & Risk Enablement

Translate compliance requirements (e.g., SOC 2, ISO 27001, HITRUST, HIPAA) into practical technical controls

Partner with Security Assurance to support audits, evidence collection, and continuous control monitoring

Help identify and remediate security risks discovered through assessments, audits, or incidents

What You'll Bring

6+ years of experience in application security, cloud security, or security engineering roles 

Strong hands-on experience securing cloud-native, SaaS-based environments (AWS required) 

Application security principles and common vulnerabilities (OWASP Top 10) 

Secure software development practices and CI/CD integration 

Cloud security architecture and IAM 

Incident detection and response fundamentals 

Experience with security tools such as SIEM, SAST/DAST, EDR, vulnerability scanners, and cloud security platforms 

Ability to script and automate security workflows using Python, Bash, or similar languages 

Strong analytical skills and the ability to clearly communicate security risks and recommendations 

Would Love For You To Have

Experience in healthcare or other regulated industries 

Familiarity with Kubernetes, container security, and modern DevSecOps tooling 

Experience contributing to detection engineering or threat analysis efforts 

Relevant certifications such as AWS Security Specialty, CISSP, CCSP, or GIAC certifications 

What You'll Get

A senior, high-impact security engineering role in a mission-driven healthcare company 

The opportunity to work deeply hands-on with modern cloud and application security challenges 

Be a part of a mission driven company that is transforming the healthcare industry by changing the way patients receive care  

A flexible, remote friendly company with personality and heart  

Employee driven programs and initiatives for personal and professional development   

Become a member of the talented, energized, diverse and purpose-driven Arcadian Community