Senior Application Security Engineer

Passionate about precision medicine and advancing the healthcare industry?

Recent advancements in underlying technology have finally made it possible for AI to impact clinical care in a meaningful way. Tempus' proprietary platform connects an entire ecosystem of real-world evidence to deliver real-time, actionable insights to physicians, providing critical information about the right treatments for the right patients, at the right time.

Senior Application Security Engineer

Tempus is seeking a Senior Application Security Engineer with deep expertise in penetration testing to join our Application Security team. In this role, you will lead efforts to identify and remediate vulnerabilities in our web, mobile, and medical device applications, helping to safeguard sensitive healthcare data and support our mission to improve patient outcomes.

Responsibilities:

• Conduct penetration tests on web, mobile, and software medical device applications, as well as internal systems.

• Lead threat modeling and risk assessment activities for new and existing products.

• Develop and execute test plans, scenarios, scripts, or procedures.

• Document findings, prepare detailed reports, and work with development teams to remediate identified issues.

• Track and manage vulnerabilities through their lifecycle.

• Develop and maintain custom security testing tools and automation scripts.

• Stay up-to-date with the latest testing and ethical hacking methods, tools, and industry trends.

• Assist in the development and maintenance of application security policies, standards, and guidelines.

• Work with security and IT teams to enhance the overall security posture of the organization.

• Provide security training and awareness to development teams.

• Participate in the design and review of new technologies and major changes to existing technologies from a security perspective.

• Ensure compliance with healthcare and data privacy regulations (e.g., HIPAA, GDPR).

• Evaluate third-party applications and vendors for security risks.

• Mentor junior team members and contribute to a culture of security.

Qualifications:

• 5+ years of proven experience in penetration testing, with a strong preference for experience in healthcare or other highly regulated environments.

• Strong understanding of security principles, techniques, and technologies.

• Experience with a variety of security tools and products (e.g., Burp Suite, Snyk, Metasploit, Nmap).

• Familiarity with programming/scripting languages such as Python, JavaScript/TypeScript, or others.

• Experience with cloud security (AWS, Azure, GCP) and secure SDLC practices.

• Excellent problem-solving, analytical, communication, and interpersonal skills.

• Relevant certifications such as OSCP, GPEN, OSCE, GWAPT, CSSLP, or similar are highly desirable.

• Experience mentoring and training others in security best practices.

The expected salary range above is applicable if the role is performed from Illinois and may vary for other locations (California, Colorado, New York). Actual salary may vary based on qualifications and experience. Tempus offers a full range of benefits, which may include incentive compensation, restricted stock units, medical and other benefits depending on the position.

We are an equal opportunity employer. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.