Staff-Level Application Security Engineer

About Us:

Function was founded with a singular focus: empower you to live 100 healthy years. We’re doing that by using the best available technology to make sure people don't suffer or die a preventable death. Function has been recognized as one of Fast Company’s Most Innovative Companies of 2024, and is venture-backed by Andreessen Horowitz (a16z). Hundreds of thousands of members have joined Function to take control of their health. We are growing our team and seeking out world-class talent that deeply believes in our mission to positively impact global health, has a relentless bias toward action and a growth mindset. Function fosters a collaborative and dynamic environment, where every day we are building the future.

Role:

As the first dedicated AppSec hire at Function Health, you’ll define and own our approach to product and application security. You’ll work shoulder-to-shoulder with engineers to build security into the fabric of how we ship—from design and code review to offensive testing and incident response. This role blends secure development guidance, hands-on testing, and tooling/automation work to protect our members and platform.
We’re looking for someone who can lead, not just advise. Someone who knows how to break systems, but prefers to build them right.

Key Responsibilities:

• Embedded Security Expert: Serve as the embedded security partner to engineering teams, with a focus on pragmatic, high-impact risk reduction.
• Secure Development Leadership: Drive secure development practices across the SDLC—design reviews, threat modeling, secure coding standards, etc.
• Offensive Security Testing: Lead and perform offensive testing (manual and automated) across our apps, APIs, and infrastructure.
• Product Security Oversight: Continuously evaluate our product security posture and partner with engineering on remediation plans.
• Security Tooling Integration: Build or integrate security tooling into CI/CD for secret scanning, SAST, dependency management, and IaC validation.
• Secure-by-Default Frameworks: Own the rollout of secure-by-default development frameworks and controls.
• Telemetry Integration: Connect application-level telemetry to broader detection and response systems.
• Incident Response Support: Contribute to incident response and postmortems when product security is involved.
• Strategic Security Planning: Shape our long-term product security strategy and roadmap.

Qualifications/Skills:

• Experience: 8+ years in software engineering and/or application/product security.
• Proficient in Python: Strong Python experience (FastAPI and other modern frameworks a plus).
• Vulnerability Assessment Expertise: Fluency in identifying and exploiting web/app/API vulnerabilities (beyond just OWASP Top 10).
• Hands-On Penetration Testing: Experience leading or performing penetration tests, ideally with full-stack exposure.
• CI/CD Security Integration: Familiarity with CI/CD pipelines and how to embed security testing into them.
• Collaborative Security Guidance: Comfortable guiding engineers through secure code/design choices without being a blocker.
• AppSec Ownership: Able to own the AppSec function independently—setting strategy, writing policy, building tools, and getting hands dirty.

To be a strong fit, you also need:

• Bias Toward Action: Demonstrated ability to take initiative, make decisions under uncertainty, and move projects forward even in the face of ambiguity. We value individuals who are self-starters and ready to act on opportunities and challenges alike.
• Entrepreneurial Spirit: Strong adaptability to changing business needs with a knack for building and optimizing processes. Your entrepreneurial mindset will be crucial in navigating the dynamic landscape of our industry, ensuring our platform remains competitive and responsive to user needs.
• Communication: Excellent communication skills, capable of explaining complex technical concepts to non-technical stakeholders. Effective communication is vital for cross-functional collaboration and ensuring alignment across our organization.
• Remote Work Adaptability: Comfort with remote work environments, demonstrating the ability to stay productive and connected with the team irrespective of physical location.
• Continuous Improvement: A willingness to question assumptions and a commitment to continuous improvement. Your openness to feedback and dedication to personal and professional growth will contribute significantly to our collective success.

Your dedication to these responsibilities will directly contribute to the success of our platform and the satisfaction of our users. We are looking for a proactive, skilled, and forward-thinking individual to join our team and help shape the future of our services.

Nice-to-Have Skills and Experiences:

While the core competencies are essential, the following qualifications will distinguish exceptional candidates:

• Healthcare Data protection Expertise: experience with healthcare data protection (e.g., HIPAA), red teaming, or security architecture.
• Start-Up Experience: We highly value individuals with start-up experience, especially former founders or early engineering hires. This experience indicates a versatile skill set and an ability to thrive in fast-paced, evolving environments.
• Familiarity with Health Technologies: Knowledge of or experience with popular health technologies, such as Oura, Whoop, Apple Watch, and CGMs (Continuous Glucose Monitors). An interest in or experience with health and wellness technologies suggests a passion for leveraging technology to improve personal and community health outcomes.

Why You'll Love Working With Us:

• Empowerment in Your Role: Revel in the autonomy to work on projects that resonate with your passion and expertise. Thrive in a supportive atmosphere where your independence is cherished, free from the constraints of micromanagement.
• Collaborative and Innovative Culture: Become part of a vibrant community that not only values but thrives on collaboration and innovation. Here, swift execution and the celebration of fresh ideas are the bedrock of our success.

We value our team at Function and offer a competitive salary and benefits package, flexible working hours, and a dynamic work environment where creativity and innovation are encouraged. If you are a highly motivated and experienced individual who is passionate about using technology to improve people’s lives, we would love to hear from you.
Join the Function Health team and become a part of our mission to revolutionize healthcare. Work with us to make a difference in the lives of thousands, ensuring a healthier future for all. Discover more about us and how we're changing the face of healthcare at Function Health.