Skip to main content

Zocdoc

Application Security Engineer

USA Remote (Remote)From $140kmidAdded today

About this role

Zocdoc seeks an Application Security Engineer to embed security practices throughout the development lifecycle, helping engineering teams build secure software and reduce vulnerabilities before production. You'll partner with Compliance, Security, and Engineering teams to establish governance, maintain secure coding standards, and support emerging AI security frameworks in a healthcare technology environment.

What you'll do

  • Serve as a security liaison to engineering squads, guiding adherence to secure development lifecycle standards
  • Review and interpret static analysis and software composition analysis tool alerts, distinguishing true vulnerabilities from false positives
  • Create and maintain security documentation, developer playbooks, and secure coding training materials
  • Track application security metrics, vulnerability patch timelines, and policy exceptions for leadership reporting
  • Support compliance audits by organizing technical evidence from repositories and deployment pipelines
  • Develop AI governance frameworks and ensure AI-enabled workflows meet privacy and security requirements

What they're looking for

  • Application security and secure coding practices
  • Code review and ability to read Python, JavaScript, Go, or Java
  • Vulnerability assessment and OWASP Top 10 knowledge
  • Cloud platform familiarity (AWS, GCP, Azure) and Git workflows
  • Static analysis and software composition analysis tools
  • Security governance and compliance audit support
  • Generative AI tool integration and AI security risk assessment
  • Clear communication of technical security concepts to developers
Apply on the employer's site

Opens the official application on the employer’s site. No login required.

Zocdoc

Zocdoc builds system integrations that connect healthcare applications and services to enhance patient experiences. The company is hiring Integration Health Engineers to ensure the reliability and performance of these integrations.

View all jobs at Zocdoc

Likely interview questions

  • Walk us through your experience helping developers understand and remediate application security vulnerabilities. How do you approach making security guidance actionable rather than prescriptive?
  • Describe your experience interpreting alerts from static analysis tools. How do you distinguish between true vulnerabilities and false positives, and how have you communicated findings to engineering teams?