HeartFlow

Application Security Engineer

HeartFlow$145K — $180K *
Healthcare
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 5+ years of total experience, with at least 1 year in Application Security or security-focused development roles.
  • BS in Computer Science or related degree, or equivalent certifications and experience.
  • Proficiency in at least one modern programming language (C++/Python) and a scripting language.
  • Experience with AI development tools like Claude Code and GitHub Copilot for security testing.
  • Strong understanding of secure SDLC practices, including threat modeling and vulnerability management.
  • Ability to communicate risk effectively to both technical and non-technical audiences.

Responsibilities

  • Collaborate with engineering to provide technical guidance throughout the vulnerability remediation lifecycle.
  • Conduct secure code reviews and coach developers on remediation strategies.
  • Drive vulnerability identification using SAST, DAST, and in-house AI tools.
  • Assist the engineering team in managing vulnerabilities and translating security requirements into technical requirements.
  • Create training programs to enhance security awareness among developers.

Benefits

  • Hybrid work model (3 days in the office).
  • Opportunity to work on AI-based healthcare solutions that directly impact patient outcomes.
  • Collaborative environment with skilled engineers.
Full Job Description
We are looking for an Application Security Engineer to work with our engineering team to ensure security is an integral part of our Software Development Lifecycle (SDLC). In this role, you'll have the chance to use your security and software development background to protect patients as we build products that leverage AI to improve healthcare. If you enjoy working with talented engineers to solve complex technical challenges and want to see your work make a direct difference in patient outcomes, we encourage you to apply. This role is a hybrid, requiring three days a week in our San Francisco office. What You'll Do: - Partner with the engineering team to provide hands-on technical guidance to software developers throughout the vulnerability remediation lifecycle. Perform secure code reviews, validate false positive determinations, coach developers on effective remediation strategies, threat model our products and carry out essential parts of a secure SDLC. - Drive vulnerability identification using SAST, DAST, SCA and in-house AI tooling and manage external penetration testing. - Support engineering team on vulnerability management, including risk assessment, remediation, improving identification of vulnerabilities and translate security and privacy requirements into technical requirements. - Build security awareness through training on secure coding practices, security standards and latest security threats. What You Bring: - Security Communication - Ability to reason about risk in complex environments and communicate that risk to technical and non-technical audiences. Experience leading training, speaking internally/externally about security projects valued. - Programming Skills - Experience writing and maintaining code in at least one modern programming language and with at least one scripting language (Heartflow uses C++/Python). Comfortable with testing frameworks and CI/CD pipelines. - AI Development Tools - Experience using AI code tools such as Claude Code and Github Copilot for development and security testing. - Education & Experience - BS in Computer Science (or related degree) or relevant certifications and equivalent experience. 5+ years of total experience with at least 1 year working in Application Security or performing security tasks in a development role. - Securing SDLC - Have contributed to secure SDLC activities, including threat modeling, code review, security testing and vulnerability management. - Knowledge of Modern AI Security Threats - Experience working with or ability to discuss current AI threats for both machine learning and generative AI. What Helps You Stand Out: - Healthcare Experience - Current knowledge of HIPAA, HITRUST and the complexities of working in a regulated environment. Experience with Software as a Medical Device (SaMD) is especially valuable. - Infrastructure as Code & Cloud - Familiarity with AWS (or equivalent cloud providers) and configuration tools (Terraform, Chef, Ansible). Experience with containerization (Docker, Kubernetes) and orchestration (GitHub Actions or similar). A reasonable estimate of the base salary compensation range is $145,000 to $180,000 per year, bonus, and equity. #LI-IB1

About HeartFlow

HeartFlow is a medical technology company that specializes in non-invasive, personalized cardiovascular disease diagnosis and treatment planning. The company's technology uses artificial intelligence and deep learning algorithms to create 3D models of patients' hearts and simulate blood flow. HeartFlow's technology has been used in over 30,000 patients worldwide and has been shown to improve patient outcomes and reduce healthcare costs. The company was founded in 2007 and is headquartered in Redwood City, California.
Learn more about HeartFlow
Size
500 employees
Industry
Founded
2009

Similar Jobs

More Jobs at HeartFlow

More Healthcare Jobs

Find similar Application Security Engineer jobs: