Application Security Engineer

PaceMate Application Security Engineer (full-time, remote)

Primary Location: All U.S. Locations (remote)

We are seeking an experienced Application Security Engineer to join our security team, focusing on web applications and AWS infrastructure. The ideal candidate will have a strong background in application security, secure coding practices, and compliance frameworks such as HIPAA, SOC2, and HITRUST.

PaceMateLIVE is a comprehensive cardiac remote monitoring platform integrating all EHRs and cardiac device types into a single dashboard, providing real-time patient data and enabling intelligent patient prioritization with Auto-Triage.

Joining PaceMate means contributing to a mission-driven team dedicated to leveraging technology to benefit patients, caregivers, and hospitals, while delivering solutions that identify revenue opportunities and inefficiencies.

We offer a competitive compensation and benefits package, including health, dental, vision, disability coverage, FSA, HSA, 401(k), employee assistance, paid time off, legal insurance, and more.

1. Perform security code reviews and static code analysis on web applications to identify vulnerabilities.
2. Design and implement secure coding standards and guidelines.
3. Conduct security assessments of AWS cloud infrastructure and services.
4. Lead security testing throughout the software development lifecycle.
5. Assist development teams in remediating security vulnerabilities.
6. Ensure compliance with regulatory requirements including HIPAA, SOC2, HITRUST, ISO 27001.
7. Develop and maintain security documentation for audits.
8. Collaborate with development and DevOps teams to implement security controls.
9. Stay current with emerging security threats and mitigation techniques.

The candidate must be able to perform each essential function satisfactorily. Reasonable accommodations may be made for individuals with disabilities. Management reserves the right to reassign duties as needed.

1. Bachelor’s degree in computer science, IT, or related field.
2. 5+ years of experience in application security or related field.
3. Strong knowledge of web application security principles and OWASP Top 10 vulnerabilities.
4. Experience with static application security testing (SAST) tools.
5. Proficiency in AWS security configurations and best practices.
6. Understanding of compliance frameworks including HIPAA, SOC2, HITRUST.
7. Experience implementing security controls in healthcare or financial environments.
8. Knowledge of secure SDLC methodologies.
9. Strong communication skills for conveying security concerns to technical and non-technical stakeholders.

1. Security certifications (CISSP, CSSLP, CEH, AWS Security Specialty).
2. Experience with DAST and penetration testing.
3. Knowledge of CI/CD security integration.
4. Experience with API security testing and OAuth/OIDC.
5. Background in risk assessment methodologies.
6. Experience with security incident response.

1. Security Tools: Fortify, Checkmarx, SonarQube, OWASP ZAP, Burp Suite.
2. Cloud Security: AWS Security Hub, GuardDuty, CloudTrail, IAM, KMS.
3. Authentication: SAML, OAuth, JWT, SSO.
4. Encryption: TLS, data encryption at rest and in transit.
5. Compliance Tools: GRC platforms, automation tools.
6. Programming: JavaScript, Java, web frameworks (VueJS, Spring).

• Reliable high-speed internet access.
• Dedicated home office space that provides privacy and suitable working conditions.

Must remain stationary, operate computer and office equipment, communicate effectively, and perform repetitive motions for data entry.

Supervised by: CTO

Supervises: None

Target range: $120,000 - $160,000 annually, depending on experience and education, plus a comprehensive benefits package.

PaceMate is a leader in cardiac remote monitoring and data management, dedicated to advancing digital healthcare since 2015. Our platform, PaceMateLIVE, offers seamless integration with all cardiac devices and EHRs, prioritizing patient care with Auto-Triage and extensive interoperability. Learn more at PaceMate.com.