Senior Application Security Engineer

One Medical

About Us:

At One Medical we are passionate about revolutionizing the primary care industry by offering a new approach to primary care. We combine people-centered design, technology, and a team of talented health care providers to give our members an amazing experience. 

One Medical is the fastest-growing primary care system in the country with over 70 locations nationwide in Boston, Seattle, Chicago, Los Angeles, New York, Phoenix, the San Francisco Bay Area, and Washington, DC. 

The Opportunity:

If you like to break apps and you know what it takes to secure apps, then this role is for you. Application security engineers work on a security team that identifies threats and risks, vulnerabilities and attack vectors, and works with engineering to develop ways to mitigate and prevent them. This is very much a product security role, where you have the opportunity to take ownership of the overall direction of the security of our products, including cloud and mobile apps.

This role is on the front lines of securing hundreds of thousands of people’s healthcare and personal information. It is not just about finding and fixing vulns; it is very much revolutionizing the security of healthcare. Bring your technical chops to a really good cause.


What you'll do:

  • In general, break applications and find ways to prevent them from being broken.
  • Hands-on security testing (black-box, gray-box) and code review of cloud and mobile products, APIs, internal automation, and internal applications.
  • Threat modeling product features and production environments.
  • Security partnership with product development and engineering teams.
  • Product security guidance and architecture oversight, design reviews, and security feature roadmap collaboration.
  • Security research, presentations, publications, and security industry collaboration.


We expect to see:

  • Application security experience (product security) with hands-on app breaking, finding vulnerabilities, and working with devs to mitigate vulnerabilities.
  • Deep knowledge and experience in at least two of the following languages: Ruby on Rails, Python, Java, JavaScript, Angular
  • Experience with OS level vulnerabilities and DB level vulnerabilities
  • Relevant working experience with Unix/Linux and multiple DBs including MySQL, PostgreSQL, Mongo, Redis, etc.
  • Knowledge of real world, applied crypto techniques
  • Experience with scripting, shells, automation
  • B.S. / M.S. in Computer Science, Electrical Engineering or related experience.


Bonus Points If You Have

  • Penetration testing and/or red teaming experience
  • Production network security experience
  • CI and automation experience



  • Top-notch Dental, Vision, and Health Insurance
  • PTO, Paid Holidays, and Sabbatical at 5 and 10 years
  • 401K Match
  • Commuter Benefits
  • Paid Parental Leave
  • One Medical Membership for you and your family


This is a full-time role based in San Francisco.

One Medical is an equal opportunity employer and encourages all applicants from every background and life experience.
