[Remote] Senior Engineer, Security (AppSec)

Note: The job is a remote job and is open to candidates in USA. Arcadia is dedicated to transforming healthcare through data, aiming for happier and healthier days for all. They are seeking a Senior Engineer – Security (Application Security) to protect their cloud-native healthcare platform by building and improving security controls while contributing to incident response and threat mitigation efforts.

Responsibilities

• Design, implement, and maintain application security controls across Arcadia’s cloud-native SaaS platform
• Partner with Product and Engineering teams to embed security into system design, development workflows, and CI/CD pipelines
• Conduct threat modeling, architecture reviews, and secure design assessments for new and existing services
• Own and improve vulnerability management processes, including identification, prioritization, and remediation tracking
• Implement and maintain security tooling such as SAST, DAST, dependency scanning, container scanning, and secrets detection
• Participate in security incident response activities including detection, investigation, containment, and remediation
• Monitor and analyze logs, alerts, and security events to identify suspicious activity and emerging threats
• Contribute to detection engineering by tuning alerts, improving signal quality, and reducing noise
• Support threat intelligence analysis and apply insights to improve preventive and detective controls
• Perform post-incident analysis and recommend technical and process improvements
• Build security-as-code solutions to automate control enforcement, validation, and remediation
• Use scripting and automation to reduce manual effort and improve consistency
• Support secure AWS architecture using services such as EKS, ECS, Lambda, IAM, and VPC
• Contribute to identity and access management best practices across AWS, Okta/Auth0, and SaaS platforms
• Translate compliance requirements (e.g., SOC 2, ISO 27001, HITRUST, HIPAA) into practical technical controls
• Partner with Security Assurance to support audits, evidence collection, and continuous control monitoring
• Help identify and remediate security risks discovered through assessments, audits, or incidents

Skills

• 6+ years of experience in application security, cloud security, or security engineering roles
• Strong hands-on experience securing cloud-native, SaaS-based environments (AWS required)
• Solid understanding of application security principles and common vulnerabilities (OWASP Top 10)
• Solid understanding of secure software development practices and CI/CD integration
• Solid understanding of cloud security architecture and IAM
• Solid understanding of incident detection and response fundamentals
• Experience with security tools such as SIEM, SAST/DAST, EDR, vulnerability scanners, and cloud security platforms
• Ability to script and automate security workflows using Python, Bash, or similar languages
• Strong analytical skills and the ability to clearly communicate security risks and recommendations
• Experience in healthcare or other regulated industries
• Familiarity with Kubernetes, container security, and modern DevSecOps tooling
• Experience contributing to detection engineering or threat analysis efforts
• Relevant certifications such as AWS Security Specialty, CISSP, CCSP, or GIAC certifications

Benefits

• Employee driven programs and initiatives for personal and professional development

Company Overview

Company H1B Sponsorship