Application Security Engineer

Overview

We are looking for an Application Security Engineer to help secure Anomaly's products, platforms, and development lifecycle. In this role, you will partner closely with Engineering, Infrastructure, and Product teams to identify and mitigate security risks across our applications and cloud environments while enabling rapid product innovation.

You will be responsible for embedding security into every stage of the software development lifecycle, helping engineers build secure systems by default. This includes performing security reviews, threat modeling new features, improving detection and remediation processes, and developing scalable security tooling and automation.

The Application Security Engineer reports to the Chief Technology Officer and works closely with engineering leadership to ensure our products and infrastructure meet the security expectations of healthcare providers, partners, and regulators.

This position is ideal for someone who enjoys hands-on technical security work, thrives in a fast-moving startup environment, and wants to have a direct impact on the security posture of AI-powered healthcare products.

Responsibilities

• Embed security throughout the software development lifecycle, from architecture and design reviews through deployment and monitoring

• Perform application security assessments, threat modeling, and code reviews for new and existing products

• Develop and maintain security tooling, automation, and guardrails to help engineers identify and remediate vulnerabilities early

• Manage vulnerability detection and remediation processes across applications, APIs, cloud infrastructure, and third-party dependencies

• Partner with engineering teams to improve secure coding practices and security awareness

• Design and implement security controls for cloud-native environments running on AWS

• Evaluate and improve authentication, authorization, secrets management, and data protection mechanisms across our products

• Build and maintain security monitoring and detection capabilities for application and infrastructure environments

• Conduct security testing, including static analysis, dynamic analysis, dependency scanning, and penetration testing coordination

• Support customer security reviews and audits by providing technical expertise related to product and application security

• Help define security standards and best practices for the development and deployment of AI-powered systems

Qualifications

• 4+ years of experience in Application Security, Product Security, Security Engineering, or Software Engineering with a strong security focus

• Strong understanding of common application security vulnerabilities and secure coding principles, including OWASP Top 10 risks

• Experience conducting threat modeling, security reviews, and vulnerability assessments for web applications and APIs

• Familiarity with modern application security tooling, including SAST, DAST, dependency scanning, container scanning, and CI/CD security controls

• Experience securing cloud-native applications running on AWS

• Proficiency in at least one modern programming language such as Python, Go, Java, TypeScript, or similar

• Experience working closely with engineering teams to drive remediation and improve security posture

• Understanding of authentication, authorization, cryptography, and secure system design principles

• Experience operating in regulated environments such as healthcare, fintech, or enterprise SaaS is a plus

• Familiarity with AI/ML systems and emerging security considerations around LLMs, agents, and model-integrated applications is a plus

• Ability to balance security, engineering velocity, and business priorities in a collaborative startup environment