Application Security Engineer

Posted Yesterday
Easy Apply
Hiring Remotely in USA
Remote or Hybrid
100K-140K Annually
Mid level
Healthtech • Information Technology • Software • Telehealth
The Role
Partner with engineering, compliance, and security teams to embed application security into the SDLC: triage static/SCA alerts, advise on OWASP Top 10 remediation, maintain developer playbooks and training, track security metrics and evidence for audits, and help shape AI governance and GenAI-safe workflows.
Summary Generated by Built In

Our Mission

Healthcare should work for patients, but it doesn’t. In their time of need, they call down outdated insurance directories. Then wait on hold. Then wait weeks for the privilege of a visit. Then wait in a room solely designed for waiting. Then wait for a surprise bill. In any other consumer industry, the companies delivering such a poor customer experience would not survive. But in healthcare, patients lack market power. Which means they are expected to accept the unacceptable.


Zocdoc’s mission is to give power to the patient. To do that, we’ve built the leading healthcare marketplace that makes it easy to find and book in-person or virtual care in all 50 states, across +200 specialties and +12k insurance plans. By giving patients the ability to see and choose, we give them power. In doing so, we can make healthcare work like every other consumer sector, where businesses compete for customers, not the other way around. In time, this will drive quality up and prices down. 


We’re 18 years old and the leader in our space, but we are still just getting started. If you like solving important, complex problems alongside deeply thoughtful, driven, and collaborative teammates, read on.


Your Impact to our Mission

Zocdoc’s most important asset is our people. As an Application Security Engineer, you’ll play a meaningful role in helping our development organization build secure software with confidence. In this role, you’ll work closely with our Compliance, Security, and Engineering teams to support our secure software development lifecycle, strengthen application security governance, and help shape emerging AI governance guardrails across the business.

You'll enjoy this role if you...

  • Personally motivated by helping teams build secure software and reduce risk before issues reach production.
  • Autonomous, urgent, and creative. You genuinely love turning security requirements into practical guidance for developers.
  • Highly collaborative and energized by partnering with engineering squads across the software development lifecycle.
  • Passionate about application security, secure coding, and improving how teams work within modern development environments.
  • A clear communicator who can make security concepts approachable and actionable for technical partners.
  • The kind of person who is excited by emerging technology trends, especially AI security risks and automated workflows.
  • Serious about your work, but not about yourself.

Your day to day is...

  • Serving as an accessible point of contact for engineering squads, helping teams understand and follow secure development lifecycle guidelines.
  • Assisting developers in reviewing and interpreting alerts from static analysis and software composition analysis tools, including helping distinguish true vulnerabilities from false positives.
  • Providing clear, actionable guidance on remediating common application security vulnerabilities, including issues aligned to the OWASP Top 10.
  • Helping maintain internal security documentation, developer playbooks, and secure coding training materials so that compliance expectations are clear and achievable.
  • Supporting application security governance by tracking key security milestones and organizing technical evidence from repositories and deployment pipelines for compliance audits.
  • Monitoring application security metrics, including vulnerability patch timelines and policy exceptions, to support regular leadership reporting.
  • Working with cutting-edge GenAI tools and technology while supporting AI governance frameworks and helping ensure AI-enabled workflows align with privacy and security guardrails.

You’ll be successful in this role if you have…

  • Meaningful experience in an information security role, software engineering position, or IT audit function with an application security focus.
  • A foundational understanding of software development processes and how security fits into agile environments.
  • Familiarity with code review concepts and comfort reading at least one major language used in cloud environments, such as Python, JavaScript, Go, or Java.
  • Basic exposure to cloud environments such as AWS, GCP, or Azure, along with an understanding of Git workflows.
  • A conceptual understanding of vulnerability categories and web application security standards.
  • An interest in emerging technology trends, especially AI security risks and automated workflows.
  • Required: the ability to integrate generative AI tools into daily workflows to automate tasks, foster innovation, and maximize productivity.
  • A degree in Computer Science, Cybersecurity, or a related technical field is preferred, though equivalent hands-on experience or certifications such as Security+, GSEC, or CEH are also highly valued.
  • Superb communication skills, humility, and a collaborative approach to supporting stakeholders across engineering and security.

Benefits

  • Flexible work environment
  • Unlimited Vacation
  • 100% paid employee health benefit options (including medical, dental, and vision)
  • 401(k) with employer funded match
  • Corporate wellness program with Wellhub
  • Sabbatical leave (for employees with 5+ years of service)
  • Competitive paid parental leave and fertility/family planning reimbursement
  • Cell phone reimbursement
  • Employee Resource Groups and ZocClubs to promote shared community and belonging
  • Great Place to Work Certified
Zocdoc is committed to fair and equitable compensation practices. Salary ranges are determined through alignment with market data. Base salary offered is determined by a number of factors including the candidate’s experience, qualifications, and skills. Certain positions are also eligible for variable pay and/or equity; your recruiter will discuss the full compensation package details.
NYC Base Salary Range
$100,000$140,000 USD

About us
Zocdoc is the country’s leading digital health marketplace that helps patients easily find and book the care they need. Each month, millions of patients use our free service to find nearby, in-network providers, compare choices based on verified patient reviews, and instantly book in-person or video visits online. Providers participate in Zocdoc’s Marketplace to reach new patients to grow their practice, fill their last-minute openings, and deliver a better healthcare experience. Founded in 2007 with a mission to give power to the patient, our work each day in pursuit of that mission is guided by our six core values. Zocdoc is a private company backed by some of the world’s leading investors, and we believe we’re still only scratching the surface of what we plan to accomplish. 

Zocdoc is a mission-driven organization dedicated to building teams as diverse as the patients and providers we aim to serve. In the spirit of one of our core values - Together, Not Alone, we are a company that prides itself on being highly collaborative, and we believe that diverse perspectives, experiences and contributors make our community and our platform better.  We’re an equal opportunity employer committed to providing employees with a work environment free of discrimination and harassment. Applicants are considered for employment regardless of race, color, ethnicity, ancestry, religion, national origin, gender, sex, gender identity, gender expression, sexual orientation, age, citizenship, marital or parental status, disability, veteran status, or any other class protected by applicable laws.
Job Applicant Privacy Notice


Skills Required

  • Experience in information security, software engineering, or IT audit with an application security focus
  • Foundational understanding of software development processes and security in agile environments
  • Familiarity with code review concepts and ability to read at least one major language (Python, JavaScript, Go, or Java)
  • Basic exposure to cloud environments (AWS, GCP, or Azure) and understanding of Git workflows
  • Conceptual understanding of vulnerability categories and web application security standards (e.g., OWASP Top 10)
  • Ability to integrate generative AI tools into daily workflows
  • Degree in Computer Science, Cybersecurity, or related field, or equivalent hands-on experience/certifications (Security+, GSEC, CEH)
  • Superb communication skills, humility, and a collaborative approach to supporting stakeholders

What the Team is Saying

Nick Finger
Kylie Sharp
Meaghan Fenton
Brandon LaRue
Tony
Brian
Natalie
Faith
Brandie

Zocdoc Compensation & Benefits Highlights

  • Healthcare Strength Health coverage includes employer-paid options for employees and dependents, plus comprehensive dental, vision, and mental‑health support. Plan quality is portrayed as high and paired with wellness initiatives that reinforce overall care.
  • Leave & Time Off Breadth Many salaried roles feature unlimited PTO alongside paid sick days and holidays, with longer‑tenure eligibility for sabbatical noted in some cases. Flexible time‑off practices are emphasized as part of the total package.
  • Parental & Family Support Fully paid parental leave is positioned as generous and is complemented by fertility benefits, adoption assistance, and a structured return‑to‑work program. Family medical leave eligibility and resources such as a dedicated mother’s room extend this support.

Zocdoc Insights

Am I A Good Fit?
beta
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.

The Company
HQ: New York, NY
900 Employees
Year Founded: 2007

What We Do

Zocdoc is the tech company at the beginning of a better healthcare experience. Each month, millions of patients use Zocdoc to find in-network neighborhood doctors, instantly book appointments online, see what other real patients have to say, get reminders for upcoming appointments and preventive check-ups, fill out their paperwork online, and more.

Why Work With Us

Zocdoc's forward-thinking approach prioritizes collaboration, agility, and continuous learning in service of our long-term vision. This has helped us drive significant innovation in a complex, slow-moving industry, and our talented team is looking for impact-minded individuals to join us as we continue to re-imagine the healthcare experience.

Gallery

Gallery
Gallery
Gallery
Gallery

Zocdoc Offices

Hybrid Workspace

Employees engage in a combination of remote and on-site work.

Our NYC office is accessible to all employees five days a week, though working in-office remains completely voluntary; everyone is invited but nobody is required to work in the office.

Typical time on-site: Not Specified
HQNew York, NY
Pune, IN
Learn more

Similar Jobs

Zocdoc Logo Zocdoc

Staff Software Engineer

Healthtech • Information Technology • Software • Telehealth
Easy Apply
Remote or Hybrid
USA
900 Employees
200K-290K Annually

Zocdoc Logo Zocdoc

Engineering Manager

Healthtech • Information Technology • Software • Telehealth
Easy Apply
Remote or Hybrid
USA
900 Employees
210K-270K Annually

Zocdoc Logo Zocdoc

Staff Software Engineer

Healthtech • Information Technology • Software • Telehealth
Easy Apply
Remote or Hybrid
New York, NY, USA
900 Employees
211K-285K Annually

Zocdoc Logo Zocdoc

Data Scientist

Healthtech • Information Technology • Software • Telehealth
Easy Apply
Remote or Hybrid
New York, NY, USA
900 Employees
200K-270K Annually

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account