Realchemistry
Security Engineer — Application Security & Identity
Engineering · full-time · Boston - Massachusetts; Carmel - Indiana; Chicago - Illinois; Lambertville - New Jersey; Remote - USA
SALARY: Not listed
WORK TYPE: hybrid
JOB TYPE: full-time
INDUSTRY: healthcare
About the role
Security Engineer — Application Security & Identity
Function: Information Security
Reports to: Head of Security
Role Summary
Owns application security across multiple environments with progressively stricter control and compliance requirements. Acts as sole reviewer for the least complex environments and as co-reviewer for higher-complexity and controlled environments. Defines and enforces security controls across AWS-hosted workloads and GitHub-based development pipelines while maintaining independent review authority.
Applications originate as AI-assisted prototypes and require structured security validation before enterprise production deployment.
Key Responsibilities
- Conduct security reviews of internally developed applications, including:
  - Data flow validation
  - Security control design and implementation
  - Secrets handling
  - AI/LLM Data Loss Prevention (DLP)
- Co-lead production readiness reviews for strictly governed environments:
  - Threat modeling
  - Hardening validation
  - Compliance mapping (SOC 2, contractual and regulatory requirements)
- Define and enforce identity architecture:
  - Corporate identity: Entra ID
  - Workload identity: AWS IAM and GitHub OIDC
- Define and manage GitHub-native security controls:
  - GitHub Advanced Security (CodeQL / SAST)
  - Dependabot (dependency scanning)
  - Secret scanning
  - Branch protection and environment controls
- Establish standards for security tooling:
  - SAST (CodeQL, Semgrep)
  - SCA (Dependabot, Snyk)
  - Container scanning (Trivy, ECR scanning)
  - Infrastructure as Code (IaC) policy (OPA, Sentinel, tfsec)
- Define AWS security standards:
  - IAM design and least-privilege access
  - Logging and audit requirements
  - Secrets management and rotation
- Scope and coordinate third-party penetration testing
- Maintain audit logging maturity matched to each environment's requirements:
  - Baseline logging
  - User-level activity tracking
  - Tamper-evident audit trails with SIEM integration
- Perform initial triage and risk classification, within the required response time, for critical issues identified at intake (data exposure, credentials, regulatory risk).
- Partner with DevOps Engineering to ensure security policies are implemented in pipelines.
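The workload identity item above (AWS IAM trusting GitHub OIDC) and the least-privilege IAM item are where most real-world mistakes in this setup happen: a role trust policy that accepts any repository, or that never pins the `aud` claim. The following is an added example, not code from this posting or from Realchemistry, showing the check a reviewer would run over such a trust policy before approving it. The account ID, organization and repository names, and both sample policies are constructed for illustration.

```python
# Added example: lint an AWS IAM role trust policy that federates GitHub Actions
# via OIDC. Not code from the posting or the employer; the account ID,
# 'example-org/billing-api' and both policies below are constructed.
import json

ISSUER = "token.actions.githubusercontent.com"
ASSUME = "sts:AssumeRoleWithWebIdentity"


def _as_list(value):
    """Normalise IAM's string-or-list fields to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _sub_patterns(cond):
    """Collect every constraint on the 'sub' claim across condition operators.

    Condition keys are matched with their canonical spelling; adjust if the
    policy uses different casing.
    """
    patterns = []
    for op in ("StringEquals", "StringLike",
               "ForAnyValue:StringEquals", "ForAnyValue:StringLike"):
        patterns += _as_list(cond.get(op, {}).get(f"{ISSUER}:sub"))
    return patterns


def trust_policy_findings(policy, allowed_repos):
    """Return findings for an OIDC trust policy; an empty list means it passes.

    allowed_repos: set of 'org/name' strings this role may be assumed from.
    """
    findings = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or ASSUME not in _as_list(stmt.get("Action")):
            continue
        federated = stmt.get("Principal", {}).get("Federated", "")
        if not str(federated).endswith(f":oidc-provider/{ISSUER}"):
            findings.append(f"stmt {i}: principal is not the GitHub OIDC provider: {federated!r}")
        cond = stmt.get("Condition", {})
        # The aud claim must be pinned, otherwise a token minted for another
        # audience (e.g. a third-party service) is also accepted by STS.
        aud = cond.get("StringEquals", {}).get(f"{ISSUER}:aud")
        if aud != "sts.amazonaws.com":
            findings.append(f"stmt {i}: aud is not pinned to sts.amazonaws.com")
        subs = _sub_patterns(cond)
        if not subs:
            findings.append(f"stmt {i}: no sub condition; any GitHub repository can assume this role")
        for sub in subs:
            # sub looks like 'repo:org/name:ref:refs/heads/main' or
            # 'repo:org/name:environment:prod'; split into its three parts.
            parts = sub.split(":", 2)
            if len(parts) < 2 or parts[0] != "repo" or "*" in parts[1]:
                findings.append(f"stmt {i}: sub {sub!r} does not pin a single repository")
            elif parts[1] not in allowed_repos:
                findings.append(f"stmt {i}: sub {sub!r} names a repository outside the allow-list")
            elif len(parts) < 3 or parts[2] == "*":
                findings.append(f"stmt {i}: sub {sub!r} allows any ref, including pull_request runs")
    return findings


PROVIDER_ARN = f"arn:aws:iam::123456789012:oidc-provider/{ISSUER}"  # constructed account ID

# Constructed weak policy: no aud pin, and 'repo:*' lets any GitHub repo in the
# world assume the role.
WEAK_POLICY = json.loads(json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": PROVIDER_ARN},
        "Action": ASSUME,
        "Condition": {"StringLike": {f"{ISSUER}:sub": "repo:*"}},
    }],
}))

# Constructed hardened policy: aud pinned, sub pinned to one repo and one branch.
HARDENED_POLICY = json.loads(json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": PROVIDER_ARN},
        "Action": [ASSUME],
        "Condition": {"StringEquals": {
            f"{ISSUER}:aud": "sts.amazonaws.com",
            f"{ISSUER}:sub": "repo:example-org/billing-api:ref:refs/heads/main",
        }},
    }],
}))

if __name__ == "__main__":
    allowed = {"example-org/billing-api"}
    for name, pol in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(name, trust_policy_findings(pol, allowed) or "OK")
```

The allow-list is the piece that ties this to the review process described above: the reviewer supplies the repositories that were actually approved for an environment, and the lint fails the policy if the trust relationship reaches beyond them. Branch-pinned `sub` values should be combined with GitHub branch protection on that branch, otherwise anyone who can push to it can assume the role.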