Senior Application Security Engineer

at Headway
๐Ÿ’ฐ $188k-$230k
๐Ÿ”’ Cybersecurity๐ŸŸฃ Senior

Job description

Headwayโ€™s mission is a big one โ€“ to build a new mental health care system everyone can access. Weโ€™ve built technology that helps people find great therapists with the first software-enabled national network of providers accepting insurance.

1 in 4 people in the US have a treatable mental health condition, but the majority of providers donโ€™t accept insurance, making therapy too expensive for most people. Headway is building a new mental healthcare system that everyone can access by making it easy for therapists to accept insurance and scale their practice.

Headway was founded in 2019. Since then, weโ€™ve grown into a diverse, national network of over 34,000 mental healthcare providers across all 50 states who run their practice on our software. Weโ€™re a Series D company with over $325m in funding from a16z (Andreessen Horowitz), Accel, GV (formerly Google Ventures), Spark Capital, Thrive Capital, Forerunner Ventures and Health Care Service Corporation.

We want your time here to be the most meaningful experience of your career. Join us, and help change mental healthcare for the better.

About the role

The Trust team at Headway is focused on security and privacy for all of Headwayโ€™s customers - therapists, patients, and payers (ex: insurance companies and health systems). As an early member on the team, youโ€™ll have the unique opportunity to be the builder and driver of our dedicated, in-house product and application security engineering efforts. In this role, you will partner closely with our product and engineering teams to ensure that our application is designed and developed securely so that we can maintain and grow customersโ€™ trust in Headway.

What youโ€™ll do at Headway:

  • Partner with Product and Engineering: Headway has many new product launches on the horizon that will transform the industry and have a rich data component. You will be a partner at both the design and development stage to ensure that we implement new features securely, including (but not limited to):

    • Participating in the implementation efforts
    • Doing security reviews
    • Helping with product design decisions
    • Auditing and surfacing vulnerabilities in our current products

  • Develop and Improve our Automated Tooling: Further enhance our automated tooling to scale our application security capabilities and find potential code problems both before and after we deploy.

  • Make the safe way, the easy way: Work on defining and building application guardrails so that developers can build securely by default. You also will work to instill a culture of secure development across engineering.

  • Assist in ongoing security operations: You will be part of the security and privacy team and have responsibilities to assist in incident response, vulnerability management, penetration testing, security reviews, and other operational tasks to ensure that our security program is operating at a world-class level.

Tools we use:

  • Cloud Security: Lacework
  • Languages: Python 3, TypeScript
  • Libraries: FastAPI, SQLAlchemy, React
  • Datastores: Postgres, Redis
  • Infrastructure: AWS (Fargate, ECS, S3, and more), Spark and Kafka
  • Monitoring: Datadog, PagerDuty
  • Version Control: Github
  • Vulnerability Management: Snyk, Semgrep

Youโ€™ll be great for this role if you have:

  • Have 0 โ†’ 1 security experience: You have 5+ years experience in security and/or software engineering roles with a demonstrated history of working on security-related projects or with responsibilities as a security generalist.
  • Strong cross-functional experience: You love partnering with other teams to help both teams achieve their goals.
  • Strong technical depth and breadth: You have technical experience with building secure platforms and products at a deep level. You are excited to perform security design and code reviews. You want to understand security systems and improve their efficiency and scalability.
  • Thrive in ambiguity: You love tackling ambiguous problems in a fast-paced environment with an optimistic and energizing attitude.
  • Innovation at Scale: You seek opportunities to lead the industry in implementing the latest security and privacy technologies.
  • Results driven: You care deeply about creating impact and driving results for Headwayโ€™s business.
  • Mission driven: You are motivated by Headwayโ€™s mission, increasing access to high quality mental health care.

Our interview process

After you apply to Headway, here are some details of what to expect during the interview process.

  • Initial screen: Youโ€™ll connect with someone in recruiting so you can learn more about the team, Headwayโ€™s mission and exciting growth, and we can get a better idea of your background.
  • First round: You’ll meet with a member of our Security Engineering team for introductions and an architecture interview. Conducted similarly to a System Design interview, weโ€™ll learn more about your knowledge of the role of security in engineering systems and web architecture.
  • Final rounds: Youโ€™ll meet several more team members for technical and non-technical interviews, including our CISO who this role reports to, and leave with a fuller picture of what itโ€™s like to work at Headway.
  • References and the Offer: Our favorite part of the process! We’ll send over all of the details, including specifics on employee equity, and congratulatory messages from excited future team members!

Compensation and Benefits:

  • The starting salary for an Application Security Engineer is $188,000 and increases to $230,000 based on industry tenure and experience.

Benefits offered include:

  • Equity Compensation
  • Medical, Dental, and Vision coverage
  • HSA / FSA
  • 401K
  • Work-from-Home Stipend
  • Therapy Reimbursement
  • 16-week parental leave for eligible employees
  • Carrot Fertility annual reimbursement and membership
  • 13 paid holidays each year as well as a Holiday Break during the week between December 25th and December 31st
  • Flexible PTO
  • Employee Assistance Program (EAP)
  • Training and professional development

#LI-AC1

We believe a team’s strength is in its people, and we cannot achieve this mission without a team that reflects the diversity of this problem โ€“ across race, ethnicity, gender, sexuality, age, national origin, religion, family status, disability, military status, and experience.

Headway is committed to the full inclusion of all qualified individuals. As part of this commitment, Headway will ensure that persons with disabilities are provided with reasonable accommodations. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or receive other benefits and privileges of employment, please contact [email protected]

Headway employees work remotely across the US, with the option to work from offices in New York City and San Francisco. Headway participates in E-Verify. To learn more, click here.

Share this job:
Please let Headway know you found this job on Remote First Jobs ๐Ÿ™

Similar Remote Jobs

Headway logo

Headway

Mental healthcare system provider

  • Founded in 2017
  • 63 remote jobs

Latest Jobs at Headway

Benefits of using Remote First Jobs

Discover Hidden Jobs

Unique jobs you won't find on other job boards.

Advanced Filters

Filter by category, benefits, seniority, and more.

Priority Job Alerts

Get timely alerts for new job openings every day.

Manage Your Job Hunt

Save jobs you like and keep a simple list of your applications.

Search remote, work from home, 100% online jobs

We help you connect with top remote-first companies.

Search jobs

Hiring remote talent? Post a job

Frequently Asked Questions

What makes Remote First Jobs different from other job boards?

Unlike other job boards that only show jobs from companies that pay to post, we actively scan over 20,000 companies to find remote positions. This means you get access to thousands more jobs, including ones from companies that don't typically post on traditional job boards. Our platform is dedicated to fully remote positions, focusing on companies that have adopted remote work as their standard practice.

How often are new jobs added?

New jobs are constantly being added as our system checks company websites every day. We process thousands of jobs daily to ensure you have access to the most up-to-date remote job listings. Our algorithms scan over 20,000 different sources daily, adding jobs to the board the moment they appear.

Can I trust the job listings on Remote First Jobs?

Yes! We verify all job listings and companies to ensure they're legitimate. Our system automatically filters out spam, junk, and fake jobs to ensure you only see real remote opportunities.

Can I suggest companies to be added to your search?

Yes! We're always looking to expand our listings and appreciate suggestions from our community. If you know of companies offering remote positions that should be included in our search, please let us know. We actively work to increase our coverage of remote job opportunities.

How do I apply for jobs?

When you find a job you're interested in, simply click the 'Apply Now' button on the job listing. This will take you directly to the company's application page. We kindly ask you to mention that you found the position through Remote First Jobs when applying, as it helps us grow and improve our service ๐Ÿ™

Apply