flatironhealth

Application Security Engineer

Preview — apply on company site for full detailsApply Now

At a Glance

Location: NY office
Experience: 2–4 years
Posted: 2026-02-19T16:52:12-05:00

Key Requirements

Domain Knowledge

Engineering

Requirements

You're a kind, passionate, and collaborative problem-solver who values the opportunity to think beyond the way things are. You are an empathetic communicator who understands the impact of your work on both technical teams and the broader mission.

You have at least 2–4 years of experience in security engineering or vulnerability management.

You have a proven track record of coordinating between diverse teams with conflicting priorities to achieve successful outcomes.

You possess excellent interpersonal communication skills and the ability to navigate complex organizational structures.

You have a strong foundation in application security (web security, SAST, SCA) and a general knowledge of cloud architectures and deployment processes.

You are able to deal with the ambiguity associated with working in a fast-paced and changing environment.

Responsibilities

In this role you will report into the Security Assessment Team and will be a central part of the larger Information Security organization that works to keep our patient data and applications secure. Our team protects against threats to our business because we care about our patients and their quality of life. You’ll work across various security specialties to automate and optimize current workflows, as well as create novel solutions to industry problems. In addition you will:

Lead vulnerability management efforts across all domains, including application security (SAST and SCA) and cloud infrastructure (Infrastructure and IAM).

Coordinate between a variety of teams and stakeholders to prioritize and remediate security findings, effectively managing conflicting priorities to make meaningful changes in our environment.

Perform expert triaging of security tools results and penetration test findings to identify and escalate critical risks.

Analyze vulnerability data and provide recommendations for continuous optimization of our security posture and assessment workflows.

Advocate for security by teaching engineers and stakeholders how to integrate security into their daily workflows.