Zocdoc

Application Security Engineer

Zocdoc$100K — $140K *
US-AnywhereRemote in United States
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • 5-7 years of experience in information security or application security roles
  • Solid understanding of software development in agile environments
  • Proficient in at least one major programming language (Python, JavaScript, Go, Java)
  • Basic knowledge of cloud environments (AWS, GCP, Azure)
  • Familiarity with web application security standards and vulnerability categories
  • Interest in AI security trends and automated workflows
  • Strong communication skills and a collaborative mindset

Responsibilities

  • Serve as a key contact for engineering squads on secure development lifecycle guidelines
  • Assist developers with static analysis and software composition analysis tools
  • Provide actionable guidance on remediating application security vulnerabilities
  • Maintain security documentation and developer playbooks for compliance
  • Track security milestones and organize evidence for compliance audits
  • Monitor metrics related to application security and vulnerability patch timelines
  • Work with GenAI tools to support AI governance frameworks

Benefits

  • Flexible work environment
  • Unlimited vacation
  • 100% paid health benefits (medical, dental, vision)
  • 401(k) with employer match
  • Corporate wellness program
  • Sabbatical leave after 5 years
  • Paid parental leave and family planning reimbursement
  • Cell phone reimbursement
  • Employee Resource Groups and ZocClubs
  • Great Place to Work Certified
Full Job Description
Your Impact to our Mission

Zocdoc's most important asset is our people. As an Application Security Engineer, you'll play a meaningful role in helping our development organization build secure software with confidence. In this role, you'll work closely with our Compliance, Security, and Engineering teams to support our secure software development lifecycle, strengthen application security governance, and help shape emerging AI governance guardrails across the business.

You'll enjoy this role if you...
  • Personally motivated by helping teams build secure software and reduce risk before issues reach production.
  • Autonomous, urgent, and creative. You genuinely love turning security requirements into practical guidance for developers.
  • Highly collaborative and energized by partnering with engineering squads across the software development lifecycle.
  • Passionate about application security, secure coding, and improving how teams work within modern development environments.
  • A clear communicator who can make security concepts approachable and actionable for technical partners.
  • The kind of person who is excited by emerging technology trends, especially AI security risks and automated workflows.
  • Serious about your work, but not about yourself.

Your day to day is...
  • Serving as an accessible point of contact for engineering squads, helping teams understand and follow secure development lifecycle guidelines.
  • Assisting developers in reviewing and interpreting alerts from static analysis and software composition analysis tools, including helping distinguish true vulnerabilities from false positives.
  • Providing clear, actionable guidance on remediating common application security vulnerabilities, including issues aligned to the OWASP Top 10.
  • Helping maintain internal security documentation, developer playbooks, and secure coding training materials so that compliance expectations are clear and achievable.
  • Supporting application security governance by tracking key security milestones and organizing technical evidence from repositories and deployment pipelines for compliance audits.
  • Monitoring application security metrics, including vulnerability patch timelines and policy exceptions, to support regular leadership reporting.
  • Working with cutting-edge GenAI tools and technology while supporting AI governance frameworks and helping ensure AI-enabled workflows align with privacy and security guardrails.

You'll be successful in this role if you have...
  • Meaningful experience in an information security role, software engineering position, or IT audit function with an application security focus.
  • A foundational understanding of software development processes and how security fits into agile environments.
  • Familiarity with code review concepts and comfort reading at least one major language used in cloud environments, such as Python, JavaScript, Go, or Java.
  • Basic exposure to cloud environments such as AWS, GCP, or Azure, along with an understanding of Git workflows.
  • A conceptual understanding of vulnerability categories and web application security standards.
  • An interest in emerging technology trends, especially AI security risks and automated workflows.
  • Required: the ability to integrate generative AI tools into daily workflows to automate tasks, foster innovation, and maximize productivity.
  • A degree in Computer Science, Cybersecurity, or a related technical field is preferred, though equivalent hands-on experience or certifications such as Security+, GSEC, or CEH are also highly valued.
  • Superb communication skills, humility, and a collaborative approach to supporting stakeholders across engineering and security.

Benefits
  • Flexible work environment
  • Unlimited Vacation
  • 100% paid employee health benefit options (including medical, dental, and vision)
  • 401(k) with employer funded match
  • Corporate wellness program with Wellhub
  • Sabbatical leave (for employees with 5+ years of service)
  • Competitive paid parental leave and fertility/family planning reimbursement
  • Cell phone reimbursement
  • Employee Resource Groups and ZocClubs to promote shared community and belonging
  • Great Place to Work Certified


Zocdoc is committed to fair and equitable compensation practices. Salary ranges are determined through alignment with market data. Base salary offered is determined by a number of factors including the candidate's experience, qualifications, and skills. Certain positions are also eligible for variable pay and/or equity; your recruiter will discuss the full compensation package details.

NYC Base Salary Range

$100,000-$140,000 USD

About Zocdoc

Zocdoc is a healthcare technology company that provides a digital platform for patients to find and book appointments with doctors and other healthcare providers. The company's platform allows patients to search for doctors by specialty, location, insurance, and other criteria, and to book appointments online or through a mobile app. Zocdoc also provides tools for doctors to manage their schedules, patient records, and online reputation. The company was founded in 2007 and is headquartered in New York City. Zocdoc has raised over $225 million in funding and has been recognized as one of the fastest-growing companies in the healthcare industry.
Learn more about Zocdoc
Size
1,000 employees
Industry
Founded
2007

Similar Jobs

More Jobs at Zocdoc

More Information Technology Jobs

Find similar Application Security Engineer jobs: