Application Security Engineer
HeartFlow, IncSan Francisco, California, United States
Posted May 4, 2026
145000 - 180000 USD
Full Time
About the Company
Heartflow is a medical technology company advancing the diagnosis and management of coronary artery disease using cutting-edge technology.
Job Description
Heartflow is a medical technology company looking for an Application Security Engineer to ensure security is an integral part of their Software Development Lifecycle (SDLC). The role is hybrid, requiring three days a week in the San Francisco office, and offers a chance to protect patients as products that leverage AI to improve healthcare are built.
Requirements
- Partner with the engineering team to provide hands-on technical guidance to software developers throughout the vulnerability remediation lifecycle.
- Perform secure code reviews, validate false positive determinations, coach developers on effective remediation strategies, threat model our products and carry out essential parts of a secure SDLC.
- Drive vulnerability identification using SAST, DAST, SCA and in-house AI tooling and manage external penetration testing.
- Support engineering team on vulnerability management, including risk assessment, remediation, improving identification of vulnerabilities and translate security and privacy requirements into technical requirements.
- Build security awareness through training on secure coding practices, security standards and latest security threats.
Benefits
- Generous Paid Time Off
- 401k Matching
- Retirement Plan
- Healthcare Experience
- Infrastructure as Code & Cloud
