Senior Security Engineer

Montréal

Overview:

About the Role

We’re looking for a detail-oriented, technically skilled engineer to join our Application Security team. This role offers opportunities to influence the group’s growth and direction while integrating security within the entire Software Development Life Cycle (SDLC).

Security Engineers will collaborate with product and engineering teams to embed security into all phases of the SDLC, from feature design and implementation to deployment. They also establish and evaluate security and safety controls for generative AI LLM-enabled services.

They will identify, prioritize, and remediate vulnerabilities identified via internal and third-party penetration testing, Software Composition Analysis (SCA), Static Application Security Testing (SAST), and Dynamic Application Security Testing (DAST).

They will also deploy, maintain and tune the tools used to perform this testing.

Security Engineers serve as subject matter experts on integrating third-party SaaS platforms into our services and infrastructure, and during incident response.

The ideal candidate will have experience securing, hardening, and identifying vulnerabilities in web applications, RESTful and GraphQL APIs, and mobile applications (iOS and Android) in a cloud-hosted microservice environment.

The ideal candidate will also have experience risk-assessing the results of automated SCA, SAST and DAST to validate severity before assigning to engineers for remediation.

They may also have experience in securing Generative AI LLM services, including, but not limited to, security guardrails to prevent jailbreaks, sensitive information disclosure, data/model poisoning, and safety guardrail verification and testing.

What You'll Accomplish
  • Implement automated security scanning tools and perform manual security assessments including source code review to harden Hinge Health web applications, mobile applications and API endpoints.
  • Enable the product teams to create secure by design product features and services by working alongside product managers and engineers during the design phase of projects including Generative AI projects.
  • Assist with third party security assessments and penetration tests of Hinge Health web applications, API endpoints, and mobile applications, including interpretation of results and verification of remediations.
  • Contribute to the improvement of Software Development Life Cycle management policies, procedures, and standards.

Hinge Health Hybrid Model

We believe that remote work and in-person work have their own advantages and disadvantages, and we want to be able to leverage the best of both worlds. Employees in hybrid roles are required to be in the office 3 days/week.

Qualifications:

Basic Qualifications
  • Experience with automated security testing, including configuring and automating security scans as part of the CI/CD process, and interpreting the results and working directly with engineers on prioritization and remediation
  • Experience in examining source code in multiple languages to evaluate security controls and identifying common coding and design vulnerabilities. Experience with OWASP Top 10 and other common security flaw patterns
Preferred Qualifications
  • Experience securing applications in Healthcare, securing ePHI and HIPAA/HITECH regulations.
  • Experience assessing the security and safety of Generative AI LLM solutions and in evaluating and implementing solutions for their continuous monitoring
  • Familiarity with HITRUST CSF and NIST control frameworks
  • Experience in Threat Modeling
  • Experience performing security assessments and secure design of hardware and firmware of medical devices communicating over Bluetooth
  • Experience with any of the following: deploying web-based services on AWS infrastructure, Kubernetes, TypeScript, React Native, Python, Go, Ruby on Rails, GraphQL, IaC using Terraform
  • Incident Handling: Be able to work as a subject matter expert in the security controls, internal communications, and infrastructure of Hinge Health applications during security incidents

Compensation

This position will have an annual salary, plus equity and benefits. Please note the annual salary range is a guideline, and individual total compensation will vary based on factors such as qualifications, skill level, competencies, and work location.

The annual salary range for this position is C$120,000 - C$180,000.

Company Information:

About Hinge Health

Hinge Health is moving people beyond pain by transforming the way it is treated and prevented. Connecting people digitally and in-person with expert clinical care, we combine advanced technology, AI and a care team of experts to guide people through personalized care directly from their phone.

Our approach is proven to reduce pain by 68%, prevent 42% of new opioid prescriptions, and avoid more than half of joint replacement surgeries. Available to 18M people, Hinge Health is trusted by leading health plans and employers, including Land O’Lakes, L.L. Bean, Salesforce, Self-Insured Schools of California, Southern Company, City of Boston, US Foods, and Verizon. Learn more at http://www.hingehealth.com

What You'll Love About Us
  • Inclusive healthcare and benefits: On top of comprehensive medical, dental, and vision coverage, we offer employees and their family members help with gender-affirming care, tools for family and fertility planning, and travel reimbursements if healthcare isn’t available where you live.
  • Planning for the future: Start saving for the future with our traditional or Roth 401k retirement plan options which include a 2% company match.
  • Modern life stipends: Manage your own learning and development

Diversity and Inclusion

We’re committed to building diverse teams that reflect the communities we serve. Visit hingehealth.com/diversity-equity-and-inclusion to learn more about what moves us.

Hinge Health is an equal opportunity employer and prohibits discrimination and harassment of any kind. We make employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, veteran status, disability status, pregnancy, or any other basis protected by federal, state or local law.

We also consider qualified applicants regardless of criminal histories, consistent with legal requirements.

We provide reasonable accommodations for candidates with disabilities. If you feel you need assistance or an accommodation due to a disability, let us know by reaching out to your recruiter.
