Application Security Engineer Opportunity
We're hiring an Application Security Engineer to work hands-on with our engineering teams to find and fix vulnerabilities, harden our applications, and keep security woven into how we build software. This is a practitioner role; you'll spend yourtime in code, in tooling, and in design reviews, not writing strategy decks or managing people. You'll report to our security leadership and collaborate daily with developers across the stack. The systems you help protect handle sensitive patient data, so the work carries real weight.
What You'll Do
- Perform secure code reviews, threat modeling, and security design reviews for new features and services.
- Use AI to automate tooling like SAST, DAST, SCA, secret scanning, and container scanning tools across our CI/CD pipelines.
- Use AI to triage and validate vulnerability findings from automated tools, penetration tests, and bug bounty submissions. Track remediation to closure.
- Work directly with engineering squads to fix security issues, helping developers understand the "why" and the fix, not just the finding.
- Support third-party penetration tests: scoping, coordination, triage, and follow-through on results.
- Contribute to developer security guides and training grounded in our actual codebase and stack.
- Help maintain and improve our vulnerability management workflows and tracking using AI.
- Support compliance work related to HIPAA and SOC 2 where it touches application and data security.
- Stay current on the threat landscape and flag emerging risks relevant to our technology and industry.
Must-Haves
- 5+ years of experience in application security.
Technical Skills
- You've written production code and can read, review, and critique code in at least one modern language (Python, Go, Java, TypeScript, etc.).
- Solid working knowledge of common vulnerability classes (OWASP Top 10, injection attacks, auth flaws, insecure deserialization, etc.) and how to fix them.
- Hands-on experience with threat modeling and secure code review—you've done these against real systems, not just studied them.
- Experience working with security tooling in CI/CD pipelines (SAST, SCA, secret scanning, GitHub Actions, etc.).
- Familiarity with cloud environments (AWS) and container/Kubernetes basics from a security angle.
- Working understanding of auth standards (OAuth 2.0, OIDC, SAML) and API security concepts (REST, GraphQL).
How You Work
- You're collaborative, you'd rather help a developer fix something than file a ticket and walk away.
- You communicate clearly. You can explain a vulnerability to an engineer and to a product manager without losing accuracy.
- You're organized enough to juggle multiple findings and remediation efforts across teams without things slipping.
- You're comfortable asking questions and navigating ambiguity in a fast-moving environment.
- You care about the mission; these systems handle patient data, and that responsibility resonates with you.
Nice-to-Haves
- Experience in healthcare or health-tech; familiarity with HIPAA Security Rule requirements.
- Exposure to compliance frameworks like SOC 2 Type II, HIPAA, or HITRUST.
- Experience at a company where you've worn multiple hats.
- Relevant certifications (OSCP, CSSLP, CEH)—nice signal, not a gate.
Why You'll Love Working Here
- Real impact—the code you secure protects patient data at major health systems nationwide.
- A collaborative engineering culture where security is valued, not treated as an afterthought.
- Hybrid model with focus time and in-person days (Wed & Thu in South San Francisco).
- Flexible PTO, expansive health/dental/vision (including 100% free options), HSA contributions, generous parental leave, life insurance, home office stipend, cell/internet reimbursement, company holidays, and 401(K).
What We Offer
- Flexible paid time off (PTO)
- Expansive coverage for health, dental, and vision
- Employer contribution to Health Savings Accounts (HSA)
- Generous parental leave policy
- Full employee coverage for life insurance
- Home office stipend
- Cell phone/internet reimbursement
- Company-paid holidays
- 401(K) plan
Compensation
- Based on geo, market data, and other factors, the salary range for this position is $205,000-$275,000 + Equity. However, a salary higher or lower than this range may be appropriate for a candidate whose qualifications differ meaningfully from those listed in the job description.
The above represents the expected salary range for this job requisition. Ultimately, in determining your pay, we'll consider your location, experience, and other job-related factors.
We're committed to doing the best work of our lives, together. Come see if we're the right team for you.
AKASA is a proud equal opportunity employer and we believe that a diverse and inclusive workforce is an imperative. We welcome people of different backgrounds, genders, races, ethnicities, abilities, sexual orientations, and perspectives, just to name a few. We do not discriminate based upon any protected class and we encourage candidates of all identities and backgrounds to apply. AKASA considers qualified applicants regardless of criminal histories in accordance with the San Francisco Fair Chance Ordinance.
AKASA is committed to providing reasonable accommodations for candidates with disabilities in our recruiting process. If you need any assistance or accommodations due to a disability, please let us know at recruiting@akasa.com.
Application Security Engineer Opportunity
We're hiring an Application Security Engineer to work hands-on with our engineering teams to find and fix vulnerabilities, harden our applications, and keep security woven into how we build software. This is a practitioner role; you'll spend yourtime in code, in tooling, and in design reviews, not writing strategy decks or managing people. You'll report to our security leadership and collaborate daily with developers across the stack. The systems you help protect handle sensitive patient data, so the work carries real weight.
What You'll Do
- Perform secure code reviews, threat modeling, and security design reviews for new features and services.
- Use AI to automate tooling like SAST, DAST, SCA, secret scanning, and container scanning tools across our CI/CD pipelines.
- Use AI to triage and validate vulnerability findings from automated tools, penetration tests, and bug bounty submissions. Track remediation to closure.
- Work directly with engineering squads to fix security issues, helping developers understand the "why" and the fix, not just the finding.
- Support third-party penetration tests: scoping, coordination, triage, and follow-through on results.
- Contribute to developer security guides and training grounded in our actual codebase and stack.
- Help maintain and improve our vulnerability management workflows and tracking using AI.
- Support compliance work related to HIPAA and SOC 2 where it touches application and data security.
- Stay current on the threat landscape and flag emerging risks relevant to our technology and industry.
Must-Haves
- 5+ years of experience in application security.
Technical Skills
- You've written production code and can read, review, and critique code in at least one modern language (Python, Go, Java, TypeScript, etc.).
- Solid working knowledge of common vulnerability classes (OWASP Top 10, injection attacks, auth flaws, insecure deserialization, etc.) and how to fix them.
- Hands-on experience with threat modeling and secure code review—you've done these against real systems, not just studied them.
- Experience working with security tooling in CI/CD pipelines (SAST, SCA, secret scanning, GitHub Actions, etc.).
- Familiarity with cloud environments (AWS) and container/Kubernetes basics from a security angle.
- Working understanding of auth standards (OAuth 2.0, OIDC, SAML) and API security concepts (REST, GraphQL).
How You Work
- You're collaborative, you'd rather help a developer fix something than file a ticket and walk away.
- You communicate clearly. You can explain a vulnerability to an engineer and to a product manager without losing accuracy.
- You're organized enough to juggle multiple findings and remediation efforts across teams without things slipping.
- You're comfortable asking questions and navigating ambiguity in a fast-moving environment.
- You care about the mission; these systems handle patient data, and that responsibility resonates with you.
Nice-to-Haves
- Experience in healthcare or health-tech; familiarity with HIPAA Security Rule requirements.
- Exposure to compliance frameworks like SOC 2 Type II, HIPAA, or HITRUST.
- Experience at a company where you've worn multiple hats.
- Relevant certifications (OSCP, CSSLP, CEH)—nice signal, not a gate.
Why You'll Love Working Here
- Real impact—the code you secure protects patient data at major health systems nationwide.
- A collaborative engineering culture where security is valued, not treated as an afterthought.
- Hybrid model with focus time and in-person days (Wed & Thu in South San Francisco).
- Flexible PTO, expansive health/dental/vision (including 100% free options), HSA contributions, generous parental leave, life insurance, home office stipend, cell/internet reimbursement, company holidays, and 401(K).
What We Offer
- Flexible paid time off (PTO)
- Expansive coverage for health, dental, and vision
- Employer contribution to Health Savings Accounts (HSA)
- Generous parental leave policy
- Full employee coverage for life insurance
- Home office stipend
- Cell phone/internet reimbursement
- Company-paid holidays
- 401(K) plan
Compensation
- Based on geo, market data, and other factors, the salary range for this position is $205,000-$275,000 + Equity. However, a salary higher or lower than this range may be appropriate for a candidate whose qualifications differ meaningfully from those listed in the job description.
The above represents the expected salary range for this job requisition. Ultimately, in determining your pay, we'll consider your location, experience, and other job-related factors.
We're committed to doing the best work of our lives, together. Come see if we're the right team for you.
AKASA is a proud equal opportunity employer and we believe that a diverse and inclusive workforce is an imperative. We welcome people of different backgrounds, genders, races, ethnicities, abilities, sexual orientations, and perspectives, just to name a few. We do not discriminate based upon any protected class and we encourage candidates of all identities and backgrounds to apply. AKASA considers qualified applicants regardless of criminal histories in accordance with the San Francisco Fair Chance Ordinance.
AKASA is committed to providing reasonable accommodations for candidates with disabilities in our recruiting process. If you need any assistance or accommodations due to a disability, please let us know at recruiting@akasa.com.
