Skip to main content

Heartflow

Application Security Engineer

San Francisco, California$145k–$180kmidAdded today

About this role

Heartflow seeks an Application Security Engineer to embed security practices throughout the software development lifecycle for an AI-driven medical device platform. You'll guide engineers on vulnerability remediation, conduct threat modeling and code reviews, and manage security testing across a healthcare-regulated environment.

What you'll do

  • Perform secure code reviews and guide developers through vulnerability remediation strategies
  • Drive vulnerability identification using SAST, DAST, SCA, and AI-powered tooling; manage external penetration testing
  • Conduct threat modeling and support secure SDLC implementation across products
  • Assess and prioritize vulnerability risks; translate security and privacy requirements into technical specifications
  • Develop and deliver security awareness training on secure coding and emerging threats
  • Partner with engineering teams on vulnerability management and risk communication

What they're looking for

  • Application security and secure SDLC practices (code review, threat modeling, security testing)
  • Programming in modern languages (C++/Python) and scripting; CI/CD pipeline familiarity
  • Security testing tools (SAST, DAST, SCA) and vulnerability management
  • AI development tools (Claude Code, GitHub Copilot) and modern AI security threats
  • Risk communication to technical and non-technical stakeholders
  • HIPAA, HITRUST, and Software as a Medical Device (SaMD) compliance knowledge
  • AWS and cloud security; Infrastructure as Code (Terraform, Ansible, Chef)
  • Containerization and orchestration (Docker, Kubernetes, GitHub Actions)
Apply on the employer's site

Opens the official application on the employer’s site. No login required.

Heartflow

Heartflow develops AI-driven cardiac diagnostic software that processes medical imaging data through cloud-based algorithmic pipelines and interactive 3D visualization tools. The company is hiring software engineers to build and refine these diagnostic systems while ensuring compliance with FDA and ISO medical device standards.

View all jobs at Heartflow

Likely interview questions

  • Describe your experience conducting threat models and how you've communicated findings to both developers and non-technical stakeholders.
  • Walk us through your approach to performing secure code reviews—what do you look for, and how do you coach developers on effective remediation?