Who is Mindstrong?
Mindstrong is a research-driven, consumer-focused mental healthcare company creating a new virtual care model for delivering healthcare to people living with a serious mental illness (SMI) through innovations in measurement science and care delivery. Our services are offered to people with an SMI through active partnerships with several nationwide health insurance payers.
As a Series C company, we have a blend of science, technology, and healthcare talent to help us unlock this paradigm-shifting approach, including the likes of National Institute for Mental Health, Stanford Center for Neurobiological Imaging, Uber, Facebook, Google, Apple, Oscar Health, and CMS.
We’d love to talk more!
What is the Senior Application Security Engineer role?
As we expand, the security of our service, applications, systems, and data becomes even more vital. We are looking for an experienced and motivated Application Security Engineer to help us in these efforts. You will have the opportunity to be an innovator and foundational member of the Mindstrong Security team and will be primarily responsible for driving security in the development life cycle.
This is a unique opportunity to be part of an exceptional company that is transforming how we diagnose and treat brain disorders affecting hundreds of millions of people globally by applying some of the most innovative techniques in artificial intelligence.
What you'll be doing:
- Application security analysis, including code and architecture review, analysis of data flows, and penetration testing
- Consulting with engineering teams on the design, development, and operation of the Mindstrong service
- Acting as a security liaison between Engineering and the company
- Building tools to automate and integrate application security testing and assurance
- Functioning as an internal advocate and resource on secure software engineering and application security practices
- Identifying security-focused metrics for collection and analysis
- Launching Mindstrong’s vulnerability disclosure and bug bounty programs
- Providing specific risk assessment and remediation guidelines
- Helping handle and triage findings from security tools including static and dynamic scanners
Who you are:
- You feel good about your work knowing that what you do will affect the lives of millions of people worldwide
- Entrepreneurial and eager to thrive in a startup environment
- A good person, highly ethical and accepting of others
Your background and skills:
- 3+ years of experience in application and software security
- Strong communicator who can translate security concepts and objectives to be relevant to engineering and non-engineering teams
- Deep understanding of web application security threats, exploits, and prevention
- Ability to triage, reproduce, and recommend remediations for vulnerabilities
- Knowledge of development and integration tools and technologies (e.g., CI/CD)
- Knowledge of static code analysis tools
- Knowledge of test automation frameworks and how they can be used for security QE
- Experience with Python or other scripting languages
- Developing tools and exploits to support application security automation and penetration testing
- Experience with public cloud environments and technologies, including Amazon Web Services
- Experience partnering with cross-functional teams to deliver widely impactful security initiatives
- Demonstrate excellent judgment in prioritizing security efforts to mitigate the appropriate risks
- Experience with regulatory compliance (HIPAA/HITRUST, ISO 27001)
- Working with data analytics for improving an organization’s security posture
- Managing a bug bounty program
- Using DAST, SAST, and SCA to identify and remediate application security vulnerabilities during the software development lifecycle
- Proficiency with Java, React, or Swift development
- Practical knowledge of applied cryptography and common attacks
- Red team experience