Application Security Engineer

Passionate about precision medicine and advancing the healthcare industry?

Recent advancements in underlying technology have finally made it possible for AI to impact clinical care in a meaningful way. Tempus' proprietary platform connects an entire ecosystem of real-world evidence to deliver real-time, actionable insights to physicians, providing critical information about the right treatments for the right patients, at the right time.

About the role:
An application security engineer ensures that every step of the software development lifecycle (SDLC) follows security best practices. They are also responsible for adhering to secure coding principles and aid in testing the application against security risks/parameters before release.

Responsibilities

• Support and consult with product and development teams in the area of application security, including threat modeling and application security reviews
• Perform security-focused code reviews
• Designing and Implementing software application security controls. 
• Developing and maintaining documentation of application security controls.
• Assist in development of security processes and automated tooling that prevent classes of security issues.
• Performing application scanning and testing.  
• Assist in reproducing and triaging application security vulnerabilities.
• Communicating the nature and severity of security concerns to the development team. 
• Support designing technical solutions to address security weaknesses. 
• Support developing and maintaining software application security policies and procedures.
• Support the vulnerability disclosure program.

Requirements

• Able to work well with software development teams and Product Managers.
• Experience identifying security issues through code review.
• Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner.
• Familiarity with some common security libraries and tools (e.g. static analysis tools, proxying / penetration testing tools).
• Familiarity and ability to explain common security flaws and ways to address them (e.g. OWASP Top 10).
• Basic development or scripting experience and skills. Python, JavaScript, and/or Go are preferred.
• A basic understanding of network and web related protocols (such as TCP/IP, UDP, HTTP, HTTPS).

Bonus points for:

• Experience in Docker, GCP
• An interest in working in biotech, genomics, and precision medicine
• ISC2 CC (Certified in Cybersecurity)

#LI-SH1 #LI-Hybrid

The expected salary range below is applicable if the role is performed from [Illinois] and may vary for other locations. Actual salary may vary based on qualifications and experience. Tempus offers a full range of benefits, which may include incentive compensation, restricted stock units, medical and other benefits, depending on the position.

Illinois Pay Range$100,000—$150,000 USD

We are an equal opportunity employer. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

 

Additionally, for remote roles open to individuals in unincorporated Los Angeles – including remote roles- Tempus reasonably believes that criminal history may have a direct, adverse and negative relationship on the following job duties, potentially resulting in the withdrawal of the conditional offer of employment: engaging positively with customers and other employees; accessing confidential information, including intellectual property, trade secrets, and protected health information; and appropriately handling such information in accordance with legal and ethical standards. Qualified applicants with arrest or conviction records will be considered for employment in accordance with applicable law, including the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act.