Senior Application Security Engineer

We're looking for a seasoned Application Security Engineer to lead our security strategy from the ground up, ensuring we deliver safe, compliant, and robust software solutions. Keep reading to learn more about the role, our team, and why House Rx is the right next step in your career.

About The Role

We’re looking for a Senior Application Security Engineer to own application security from the ground up. This is a role with broad authority to architect, implement, and continuously improve how we build secure software. You won’t be “bolted on” to engineering - you’ll be embedded, trusted, and expected to lead.

Our core stack is TypeScript, Node.js, and AWS-native services. You will set the vision for secure development across our platform.

What You’ll Do

• Build Our AppSec Program: Establish foundational security practices, policies, tooling, and enforcement mechanisms from the ground up.
• Technical Leadership: Develop secure-by-default patterns and frameworks specifically for our TypeScript/Node.js codebase.
• Security Reviews and Threat Modeling: Lead comprehensive threat modeling exercises, secure code reviews, and architecture assessments for platform services and product features.
• Tooling & Automation: Select, deploy, and operationalize essential AppSec tools (e.g., SAST, SCA, secrets scanning, fuzzing) suitable for our current and future scale.
• AWS Environment Hardening: Collaborate closely with engineering teams to enhance IAM controls, data encryption strategies, secure deployment pipelines, and logging mechanisms.
• Secure Development Practices: Educate and mentor engineering teams through playbooks, checklists, training, and best practices.
• Vulnerability Management: Lead vulnerability intake, triage, and remediation processes, providing clear guidance and tracking to resolution.
• Incident Response: Serve as the Application Security SME during security incidents, partnering closely with IT and compliance teams to address issues rapidly and effectively.

About You

• 5+ years of experience in application security or a strong engineering background with deep security expertise.
• Expert-level proficiency with TypeScript, Node.js, and AWS (especially IAM, API Gateway, Lambda, EKS).
• Hands-on experience selecting and managing security tooling (Semgrep, Snyk, CodeQL, etc.) with clearly articulated rationale.
• A pragmatic approach to security - balancing robust protections with practical engineering constraints and rapid product development.
• Strong communication skills and a passion for embedding security into engineering culture.
• Bonus points for experience building security programs within regulated industries (healthtech, fintech, etc.).

In particular, we offer:

• Flexible work hours and flexible paid time off
• Generous parental leave
• Comprehensive healthcare, vision and dental benefits
• Competitive salary and equity stake

We’re backed by forward-thinking investors committed to transforming healthcare, including Bessemer Venture Partners, First Round Capital, LRV Health, Khosla Ventures, Maverick Ventures, 1984.vc, and Character.

While a cover letter is optional, a note sharing your enthusiasm for House Rx and this role is highly insightful.

Expected Full-Time Base Salary:  $150,000-$180,000

This range represents the low and high end of the anticipated base salary/wage. The actual base salary/wage will depend on several factors, including experience, knowledge, and skills. Actual compensation packages may include other elements equity, paid time off and benefits.

More About House Rx: Our Team, Work, and Culture

Here's our amazing PDE team that builds healthcare technology that matters:

• Software Engineering: 10 engineers+ from early career to staff/architect level
• Product & Design: 3 product managers, 2 designers
• Infrastructure: 2 IT engineers, 3 SREs
• Quality & Support: 3 QA engineers, 2 support specialists

Together, we build and maintain impactful solutions through our pharmacy management system and data insights platform. These tools enable our internal teams, pharmacists, care coordinators, and clinical operations, to streamline medication access, while helping external healthcare providers and clinics deliver better patient care.

💻 Our engineering work presents exciting technical challenges as we balance user-facing features with robust internal systems. We release updates daily, requiring thoughtful prioritization and technical excellence while maintaining high quality. This iterative approach means we're constantly innovating to deliver meaningful improvements to our healthcare platform.

🌎 We're a fully remote team, with our talented people spread across New York, Boston, San Francisco, and throughout the U.S. While we embrace the flexibility of remote work, we're passionate about strengthening connections through our bi-annual retreats, both company-wide and PDE-specific, where we plan, grow, and celebrate our successes together. Local team members enjoy getting together for co-working and social events, creating bonds that go beyond the workplace.

🎉 Our culture brings thoughtfulness to our daily work. You'll find us expressing ourselves through our extensive Slack emoji and GIF collection (seriously, it's impressive!), sharing gratitude circles on birthdays, and having conversations that range from foodie recommendations to discussions about AI tooling, developer experience, and architecture. While we take our mission seriously, we believe enjoying what you do and technical excellence go hand in hand.

We're a fun, thoughtful, supportive, talented, and down-to-earth group focused on doing some of the best work of our lives. At the end of the day, we know software is built by people – and we're committed to taking care of both the people we work with and the patients whose lives we touch through our technology. We’re growing our team. There's no one else in the world like you, and hope you can join us for this ride! 🚀