Realchemistry

Security Engineer — Application Security & Identity

Department: engineering
Locations: Boston, Massachusetts; Carmel, Indiana; Chicago, Illinois; Lambertville, New Jersey; Remote, USA
SALARY: Not listed
WORK TYPE: hybrid
JOB TYPE: full-time
INDUSTRY: healthcare

About the role

Security Engineer — Application Security & Identity

Function: Information Security
Reports to: Head of Security

Role Summary

Owns application security across multiple environments, each with progressively stricter control and compliance requirements. Acts as the sole reviewer for the least complex environments and as co-reviewer for higher-complexity and controlled environments. Defines and enforces security controls across AWS-hosted workloads and GitHub-based development pipelines while retaining independent review authority.

Applications originate as AI-assisted prototypes and require structured security validation before enterprise production deployment.

Key Responsibilities

  • Conduct security reviews of internally developed applications, including:
    • Data flow validation
    • Security control design and implementation
    • Secrets handling
    • AI/LLM Data Loss Prevention (DLP)
  • Co-lead production readiness reviews for strictly governed environments:
    • Threat modeling
    • Hardening validation
    • Compliance mapping (SOC 2, contractual, and regulatory requirements)
  • Define and enforce identity architecture:
    • Corporate identity: Entra ID
    • Workload identity: AWS IAM and GitHub OIDC
  • Define and manage GitHub native security controls:
    • GitHub Advanced Security (CodeQL / SAST)
    • Dependabot (dependency scanning)
    • Secret scanning
    • Branch protection and environment controls
  • Establish standards for security tooling:
    • SAST (CodeQL, Semgrep)
    • SCA (Dependabot, Snyk)
    • Container scanning (Trivy, ECR scanning)
    • Infrastructure as Code (IaC) policy (OPA, Sentinel, tfsec)
  • Define AWS security standards:
    • IAM design and least-privilege access
    • Logging and audit requirements
    • Secrets management and rotation
  • Scope and coordinate third-party penetration testing
  • Maintain audit logging maturity per environment requirements:
    • Baseline logging
    • User-level activity tracking
    • Tamper-evident audit trails with SIEM integration
  • Perform initial triage and risk classification, within the required time window, for critical issues identified at intake (data exposure, credentials, regulatory risk).
  • Partner with DevOps Engineering to ensure security policies are implemented in pipelines.
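The identity-architecture and AWS-standards bullets above combine GitHub OIDC workload identity with least-privilege IAM design. In practice that comes down to one artifact: the IAM role's trust policy, whose `token.actions.githubusercontent.com:sub` condition decides which repository, branch or environment may assume the role. The following is an added example, not code from the posting or from Realchemistry: a small Python checker that flags trust policies whose GitHub `sub` condition is missing, wildcarded across repositories, or pinned to a repository but not to a ref or environment. The two sample policies, the account ID 123456789012 and the repository name acme/billing are constructed placeholders.

```python
"""Check IAM role trust policies for least-privilege GitHub Actions OIDC conditions.

Added example; assumes the trust policy JSON shape AWS returns for a role
(Version/Statement/Principal/Condition). Sample policies below are constructed.
"""
import json
import re
import sys

GITHUB_OIDC_HOST = "token.actions.githubusercontent.com"
AUD_KEY = f"{GITHUB_OIDC_HOST}:aud"
SUB_KEY = f"{GITHUB_OIDC_HOST}:sub"

# A `sub` pinned to exactly one repository AND one branch, tag or environment, e.g.
#   repo:acme/billing:ref:refs/heads/main   or   repo:acme/billing:environment:prod
PINNED_SUB = re.compile(
    r"^repo:[^/*?:]+/[^/*?:]+:(ref:refs/(heads|tags)/[^*?]+|environment:[^*?]+)$"
)


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _condition_values(condition, key):
    """All values bound to `key` under the string operators used in OIDC trust policies."""
    values = []
    for op in ("StringEquals", "StringLike", "ForAnyValue:StringEquals", "ForAnyValue:StringLike"):
        block = condition.get(op, {})
        if key in block:
            values.extend(_as_list(block[key]))
    return values


def classify_sub(sub):
    """Return None if `sub` is fully pinned, else a 'high: ...' or 'medium: ...' finding."""
    if PINNED_SUB.match(sub):
        return None
    match = re.match(r"^repo:([^:]+):(.*)$", sub)
    if not match or any(ch in match.group(1) for ch in "*?"):
        return f"high: sub is not pinned to a single repository ({sub!r})"
    return f"medium: sub is pinned to a repository but not to a branch, tag or environment ({sub!r})"


def check_github_oidc_trust(policy):
    """Return findings for every statement that lets GitHub Actions assume the role."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        federated = principal.get("Federated", []) if isinstance(principal, dict) else []
        if not any(GITHUB_OIDC_HOST in p for p in _as_list(federated)):
            continue  # not a GitHub OIDC trust statement
        actions = _as_list(stmt.get("Action", []))
        if not any(a in ("sts:AssumeRoleWithWebIdentity", "sts:*", "*") for a in actions):
            continue
        tag = f"Statement[{idx}]"
        condition = stmt.get("Condition", {})
        # Without an aud condition, audience is enforced only by the OIDC provider's client ID list.
        if not _condition_values(condition, AUD_KEY):
            findings.append(f"{tag}: medium: no {AUD_KEY} condition in the trust policy")
        subs = _condition_values(condition, SUB_KEY)
        if not subs:
            findings.append(f"{tag}: high: no {SUB_KEY} condition; any GitHub repository could assume this role")
        for sub in subs:
            verdict = classify_sub(sub)
            if verdict:
                findings.append(f"{tag}: {verdict}")
    return findings


# Constructed samples: placeholder account ID and repository name.
_PROVIDER = f"arn:aws:iam::123456789012:oidc-provider/{GITHUB_OIDC_HOST}"

WEAK_TRUST_POLICY = {  # any repo under the org, no audience pin
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": _PROVIDER},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {"StringLike": {SUB_KEY: "repo:acme/*"}},
    }],
}

HARDENED_TRUST_POLICY = {  # one repo, one environment, default STS audience
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": _PROVIDER},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {"StringEquals": {
            AUD_KEY: "sts.amazonaws.com",
            SUB_KEY: "repo:acme/billing:environment:prod",
        }},
    }],
}


if __name__ == "__main__":
    # Usage: python check_oidc_trust.py [trust-policy.json]; with no argument the samples are checked.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            policies = {sys.argv[1]: json.load(fh)}
    else:
        policies = {"WEAK": WEAK_TRUST_POLICY, "HARDENED": HARDENED_TRUST_POLICY}
    for name, policy in policies.items():
        print(name, check_github_oidc_trust(policy) or "OK")
```

A reviewer can feed it the live document with `aws iam get-role --role-name <role> --query Role.AssumeRolePolicyDocument > trust.json` and run the script on that file. The check is deliberately strict: `repo:org/repo:*` is flagged as medium because it also matches tokens minted for pull requests and feature branches, which is rarely what a production deployment role should trust.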