Application Security Engineer

Who We Are:

PE-backed start-up, DoseSpot is a dynamic and innovative leader in the electronic prescribing software market, and its subsidiary, pVerify, is an industry leading insurance verification solution. We are on a hyper-growth curve at the intersection of the software and healthcare industries. We need great team members to capitalize on these opportunities and improve the healthcare experience for patients and doctors alike. DoseSpot and pVerify have an exciting opportunity to join a fun and growing team, benefit from strong market tailwinds, and be part of an exciting opportunity to ensure mission-critical prescriptions and verifications are delivered on time and without error.

The Role:

As the Application Security Engineer, you will play a pivotal role in the strengthening of security into our Software Development Lifecycle. This is a critical role within the Information Security organization to safeguard an environment where code changes can happen rapidly. You will build security control testing at scale while balancing risk reduction, adopting threat modeling as part of our internal processes.

We welcome applicants from all U.S. time zones, though we have a preference for those based in Central or Eastern time zones.

What you'll do:

• Collaborate with development and product teams to integrate security solutions into business-critical applications.

• Conduct regular threat modeling sessions using industry-standard methodologies, such as STRIDE, integrating findings into development workflows.

• Partner with DevSecOps to develop, design, implement and manage application security integration and automation within CI/CD.

• Evaluate, implement, and manage AppSec tools (e.g., SAST, DAST, SCA, IaC scanning, container security) and guide engineering teams on remediation.

• Build scalable, automated vulnerability management workflows and reports.

• Empower engineering partners through frictionless security testing.

• Lead scoping and develop requirements for manual penetration testing driven internally and by third parties, including remediation and follow up.

• Participate in secure code reviews and product security testing to identify vulnerabilities.

• Work closely with compliance teams to ensure that applications adhere to industry-specific regulations and standards.

What you'll bring:

• Bachelor’s degree in computer science, Information Technology, or related field.

• 3-5 years of experience in application security.

• Strong understanding of security principles and best practices for securing end-to-end customer experience, including login mechanisms, browser security, and the protection of customer data.

• A foundation in software engineering and ability to read/write code, including React, JS, Python, Powershell

• Familiarity with threat modeling paradigms such as STRIDE or STRIPED.

• Familiarity with cloud-based hosting providers like AWS, GCP, or Microsoft Azure.

• Prior experience across web security, secure coding, software development, cryptography, and system design.

• Track record of delivering measurable improvements in application security concepts and tooling

• Strong foundation in AppSec process and tool implementation.

• Excellent communication skills with the ability to influence engineering decisions through data and cross-functional stakeholder collaboration.

• Demonstrated ability to independently apply a broad range of theories, concepts, principles, and methodologies to application security projects involving complex features.

You Will Enjoy This Role If:

• You enjoy being hands-on and solving security problems at scale.

• You value collaboration in working cross-functionally with engineering and product teams.

• You can bridge the gap between security and development with clarity, pragmatism, and technical fluency.

Benefits & Perks:

Remote work environment with a flexible work schedule to encourage work-life balance

Annual company offsite

Generous leave package including flexible time off policy that encourages team members to take time off to relax and recharge; plus 13 paid holidays, paid sick leave, and paid parental leave

Medical, dental, and vision insurance for you and your family, plus a company funded FSA & HSA (dependent on which medical plan you choose)

401(k) company match

One-time workspace reimbursement to help you optimize your remote workspace

DoseSpot is an Equal Employment Opportunity/Affirmative Action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, national origin, protected veteran status, disability status, sexual orientation, gender identity or expression, marital status, genetic information, or any other characteristic protected by law.