HeartFlow is a Software as a Service (SaaS) medical device company. We use cutting-edge technology (deep learning, computational fluid dynamics, cloud-based computing) combined with advanced clinical expertise to revolutionize the treatment of coronary artery disease. We have an exciting and challenging opportunity for a talented, highly experienced, Cloud Application Security Engineer (or Architect depending on experience level) with significant hands-on code review, architecture design and analysis experience to help continue to improve the security of our software offerings and continue to shape the foundation and mature our application security program.

The Cloud Application Security Engineer is a senior level position that reports directly to the Cloud Security Engineering Manager, but works closely with development teams, product teams, and other teams across the organization to integrate security into the product lifecycle from design through deployment. The Cloud Application Security Engineer is a subject matter expert in defining security requirements, performing application security assessments, and providing developers with remediation guidance and advice. On any given day the Cloud Application Security Engineer can be pulled in to evaluate a new product design, review a proposed network architecture change, or provide guidance on application security coding best practices.

Work independently with developers, system/network administrators, product owners, and other colleagues to ensure secure design, development, and implementation of applications and networks

#LI-IB1

Job Responsibilities:

• Perform security design reviews of our products suite (primarily cloud)




• Perform code analysis of large applications, manually and using SAST and DAST scanning solutions as well as conducting manual vulnerability analysis




• Provide remediation guidance and recommendations to developers and administrators




• Interface with the Customer Success team to discuss and track security feature enhancement requests from our global customers




• Work with Product Development teams to help prioritize and validate urgency of mitigation of identified product vulnerabilities and security feature enhancement requests




• Define security best practices and standards and ensure Product Development teams understand them and receive pertinent annual secure coding training




• Collaborate / work closely with DevOps, SecOps in securing the AWS environment

Skills Needed:

• Experience working with development teams to build secure solutions




• Experience breaking down complex systems and applications to find flaws




• Experience as an Application/Product Security Engineer, Engineer or Developer




• Proficiency in reading, writing, and auditing Python or Javascript and the ability to pick up new languages/technologies




• Strong familiarity with common vulnerabilities and attack vectors




• Knowledge of web service technologies, load balancer services (i.e. Nginx, Cloudflare, F5, etc.) and RESTful APIs




• Solid understanding of secure network and system design in both cloud (AWS, Azure, etc.) and conventional environments




• The ability to communicate complicated technical issues and the risks they pose to developers, network engineers, system administrators, and management




• Excellent written and verbal communication skills, interpersonal and collaborative skills




• Must be a critical thinker, with strong problem-solving skills




• High level of personal integrity, as well as the ability to professionally handle confidential matters, and show an appropriate level of judgment and maturity




• Self-starter, positive attitude, ability to work independently, enjoys learning and staying current with industry developments, regulations and best practices.

Preferred Experience:

• Experience using a Cloud Security and Posture Management solution (i.e. CloudGuard)




• Familiarity with the NIST Secure Software Development Framework (SSDF)




• A background integrating security testing into the SDLC (preferably the SCRUM framework)




• Experience providing security training to developers




• Prior work as a consultant at a highly technical information security consultancy




• Previous work as a technical security Engineer or related security role in a company where there is a commitment to information security and technology




• Additional programming languages such as Java, Python, Object C




• Demonstrated experience using DAST and SAST tools and services




Location: Redwood City, CA (Preferred), Austin, TX or Remote (Least preferred but will consider)

About HeartFlow, Inc.

HeartFlow, Inc. is a medical technology company redefining the way heart disease is diagnosed and treated. Our non-invasive HeartFlow FFRct Analysis leverages deep learning to create a personalized 3D model of the heart. By using this model, clinicians can better evaluate the impact a blockage has on blood flow and determine the best treatment for patients. Our technology is reflective of our Silicon Valley roots and incorporates decades of scientific evidence with the latest advances in artificial intelligence. The HeartFLow FFRct Analysis is commercially available in the United State, Canada, Europe and Japan. For more information, visit www.heartflow.com.

HeartFlow, Inc. is an Equal Opportunity Employer. We are committed to a work environment that supports, inspires, and respects all individuals and do not discriminate against any employee or applicant because of race, color, religion, marital status, age, national origin, ancestry, physical or mental disability, medical condition, pregnancy, genetic information, gender, sexual orientation, gender identity or expression, veteran status, or any other status protected under federal, state, or local law. This policy applies to every aspect of employment at HeartFlow, including recruitment, hiring, training, relocation, promotion, and termination.

Positions posted for HeartFlow are not intended for or open to third party recruiters / agencies. Submission of any unsolicited resumes for these positions will be considered to be free referrals.

US Locations Only: All employees and contingent workers (contractor, consultant, interns or temporary personnel) are required to be vaccinated against SARS-CoV-2 and any booster as recommended by CDC, unless a reasonable accommodation is approved. All prospective hires will be expected to provide proof of vaccination on their first day of employment.