Sr. Application Security Engineer (Remote)

We believe that mental health is just as important as physical health. We recognize that mental health issues can be complex and multifaceted, and we are dedicated to treating the whole person, not just the symptoms.

We aim to create a world where mental health is no longer stigmatized or marginalized, but rather is embraced as an integral part of one's overall well-being. 

We believe that by providing quality care that is both evidence-based and compassionate, we can empower individuals to take charge of their mental health and achieve their full potential. We are passionate about making a positive impact on the lives of those struggling with mental health issues and we strive to be a force for positive change in the field of mental healthcare.

About the Role

The Security Team at Rula is responsible for ensuring the protection of patient data and all of the technology supporting our platform. We maintain our closest partnerships with Engineering and Product teams, but work with all teams across the company to ensure that security is a vital component of Rula’s culture and operations. In this role, you’ll have the opportunity to enhance the security of our code and development practices, and will improve vulnerability and secrets management throughout Engineering. Overall, you’ll encounter endless learning opportunities and pursue projects that will leverage and refine your skills. More importantly, the work you do will help ensure the best outcomes for patients as we strive to make mental healthcare work for everyone.

Required Qualifications

• 4+ years of experience as a security engineer

• 2+ years of that experience should be at the ‘Senior’ level

• Proficient with JavaScript, TypeScript, Node.js, and/or Ruby

• A functional understanding of OWASP Top 10 risks and how they apply to modern services

• Familiarity with SAST and CI/CD tooling and best practices

• Experience assessing vulnerabilities in code and packages, and articulating severity and remediation options to developers

Preferred Qualifications

While having the preferred qualifications enhances your candidacy, having all of them is not mandatory. We encourage all interested applicants to apply, even those who may not meet every preferred requirement.

• Experience launching and/or managing a bug bounty program

• A functional understanding of HIPAA

• Ability to manage Web Application Firewall (WAF) tuning and alerts

• Familiarity with JS front-end libraries, preferably React

• Experience interfacing with 3rd party pen-testers to validate findings and develop remediation plans 

We're serious about your well-being! As Part Of Our Team, Full-Time Employees Receive

• 100% remote work environment from anywhere in the US

• Competitive pay and benefits that don’t change based on location

• Health benefits: medical, dental, vision, life, disability, and FSA/HSA 

• Access to our 401(k) plan

• Generous time off policies, including 2 company-wide shutdown weeks each year (for most employees) to focus on self-care

• Paid parental leave

• Employee Assistance Program (EAP) 

• Stipend to ensure your home office sets you up for success

• Quarterly department stipend for team building or in-person gatherings

• Wellness events and lunch & learns spanning many topics

Our Team

We believe that diversity, equity, and inclusion are fundamental to our mission of making mental healthcare work for everyone. We are dedicated to having a culture of inclusion that will support our employees in feeling safe, seen, heard, and valued.

Compensation Range: $162.9K - $191.6K