Application Security Engineer

San Mateo, CA
The pace of innovation in cancer treatment has accelerated dramatically in recent years, with new breakthroughs every day and over 600 cancer drugs now on the market. And yet, the technology doctors use to take advantage of these innovations hasn’t evolved in decades. In fact, most doctors still use a software system that was designed in the 1990s for billing and compliance to make life-altering decisions about care.

At Project Ronin, we’re out to change this - fast. Our mission is to dramatically improve cancer care by giving doctors and patients the tools they need to make better decisions about treatment. We’re developing a cancer intelligence platform that provides all the information physicians need, in one place, to assess patient care options and take action. We believe that this technology will allow for truly individualized care and will have an immediate impact on quality of life and survival rates.

We’re building a team of highly motivated, passionate individuals to help us pioneer this new approach to cancer care. Nearly every person will be touched by cancer at some point in their lives, so the potential for our collective impact is vast.

Will you join us?

As the first application security engineer to join the team, you will provide expert technical guidance on software designs and implementations from a security perspective while constantly identifying and resolving security issues.

What You Will Do:

    • Hands-on security testing (black-box, gray-box) and code review of cloud and mobile products, APIs, internal automation and internal applications.
    • Own vulnerability management and mitigation approaches
    • Conduct threat modeling tied to security services
    • Conduct application security reviews
    • Review current architecture design and iterate towards the proper level of security
    • Provide security training and outreach to internal engineering teams
    • Develop security guidance documentation for product teams

What We're Looking For:

    Must Have:
    • Familiarity with common security libraries, security controls, and common security flaws that apply to Ruby on Rails and Python (or similar) applications
    • Technical knowledge of techniques, standards and state-of-the-art capabilities for authentication and authorization, applied cryptography, security vulnerabilities and remediation
    • At least 3 years of development experience
    • Experience with OWASP, static/dynamic analysis and common exploit tools and methods
    • Linux/Docker experience

    Nice To Have:
    • Penetration testing and/or red teaming experience
    • Production network security experience
    • CI and automation experience
    • Worked in a regulated industry (e.g., healthcare or financial)

What We Offer:

Our goal is to remove as many obstacles as we can so you are able to do the best work of your life. We offer the following benefits to help you do that:

- Opportunity to make an enormous impact on hundreds of millions of lives, while growing your career
- A team that is passionate about achieving our mission and each other’s success
- Medical, dental, and vision benefits
- 401(k)
- Commuter stipend
- Quarterly learning stipend
- Phenomenal location within walking distance of the San Mateo Caltrain station
- No-meeting Tuesdays for Engineering