
Sr. Application Security Engineer (Remote)

We believe that mental health is just as important as physical health. We recognize that mental health issues can be complex and multifaceted, and we are dedicated to treating the whole person, not just the symptoms.

We aim to create a world where mental health is no longer stigmatized or marginalized, but rather is embraced as an integral part of one's overall well-being. 

We believe that by providing quality care that is both evidence-based and compassionate, we can empower individuals to take charge of their mental health and achieve their full potential. We are passionate about making a positive impact on the lives of those struggling with mental health issues and we strive to be a force for positive change in the field of mental healthcare.

About the Role

The Security Team at Rula is responsible for ensuring the protection of patient data and all of the technology behind our platform. We maintain close partnerships with Engineering and Product teams, but interface with everyone across the company to ensure that security is a core component of Rula’s culture. In this role, you’ll have the opportunity to enhance the security of our code and development practices, and enhance our vulnerability management program with Engineering and external partners. Overall, you’ll encounter endless learning opportunities and pursue projects that will leverage and refine your skills. More importantly, the work you do will help ensure the best outcomes for patients as we strive to make mental healthcare work for everyone.

Required Qualifications

  • 4+ years of experience as an application security engineer 

  • Experience with JavaScript, TypeScript, Node.js, and/or Ruby

  • Demonstrated success applying OWASP Top 10 recommendations to modern application stacks

  • Experience with common SAST and DAST tooling and best practices

Preferred Qualifications

  • Experience launching and/or managing a bug bounty program

  • An understanding of HIPAA requirements and how they apply to application security

  • Established success leading threat modeling exercises to identify security risks in technical designs

  • Experience with JS front-end libraries, preferably React

  • Experience interfacing with 3rd party pentesters to validate findings and develop remediation plans

We're serious about your well-being! As part of our team, full-time employees receive:

  • 100% remote work environment (US-based only): Working hours to support a healthy work-life balance, ensuring you can meet both professional and personal commitments

  • Attractive pay and benefits: Full transparency of pay ranges regardless of where you live in the United States

  • Comprehensive health benefits: Medical, dental, vision, life, disability, and FSA/HSA

  • 401(k) plan access: Start saving for your future

  • Generous time-off policies: Including 2 company-wide shutdown weeks each year for self-care (for most employees)

  • Paid parental leave: Available for all parents, including birthing, non-birthing, adopting, and fostering

  • Employee Assistance Program (EAP): Support for your mental and physical health

  • New hire home office stipend: Set up your workspace for success

  • Quarterly department stipend: Fund team-building activities or in-person gatherings

  • Wellness events and lunch & learns: Explore a variety of engaging topics

  • Community and employee resource groups: Participate in groups that celebrate employee identity and lived experiences, fostering a sense of community and belonging for all

Our team

We believe that diversity, equity, and inclusion are fundamental to our mission of making mental healthcare work for everyone.  We are dedicated to having a culture of inclusion that will support our employees in feeling safe, seen, heard, and valued.

Rula Glassdoor Company Review: 4.3

Average salary estimate

$125000 / YEARLY (est.)
min: $100000
max: $150000

If an employer mentions a salary or salary range on their job, we display it as an "Employer Estimate". If a job has no salary data, Rise displays an estimate if available.

What You Should Know About Sr. Application Security Engineer (Remote), Rula

Welcome to Rula, where we’re on a mission to make mental health accessible and embraced as a key part of overall well-being. We're looking for a Sr. Application Security Engineer to join our passionate team in Los Angeles, working 100% remotely. Your expertise will play a vital role in safeguarding patient data and ensuring our technology is secure. In collaboration with our Engineering and Product teams, you'll implement best practices in security, enhancing our vulnerability management programs alongside external partners. With over four years of experience as an application security engineer, you will apply your skills with JavaScript, TypeScript, Node.js, or Ruby, while leveraging the OWASP Top 10 recommendations to protect our modern application stack. You’ll also lead the charge in conducting threat modeling exercises and managing our bug bounty program, helping to proactively identify security risks. Your work here has the potential for true impact, ensuring safe and effective mental health care for our patients. Rula not only promotes a positive work environment but also offers competitive pay, comprehensive health benefits, and ample opportunities for professional growth. Join us at Rula, where your contributions will help foster a healthier world, one person at a time!

Frequently Asked Questions (FAQs) for Sr. Application Security Engineer (Remote) Role at Rula
What are the key responsibilities of a Sr. Application Security Engineer at Rula?

As a Sr. Application Security Engineer at Rula, your primary responsibilities include safeguarding patient data by enhancing the security of our code and development practices. You’ll collaborate with engineering and product teams to integrate security into Rula’s culture, manage vulnerability programs, and lead threat modeling exercises. Your technical expertise will be essential in applying OWASP Top 10 recommendations and interfacing with third-party pentesters to validate and remediate security findings.

What qualifications are required for the Sr. Application Security Engineer position at Rula?

To qualify for the Sr. Application Security Engineer role at Rula, you should have at least 4 years of experience in application security engineering, with a strong background in JavaScript, TypeScript, Node.js, or Ruby. You'll need to demonstrate knowledge of OWASP recommendations and familiarity with common SAST and DAST tools. Preferred qualifications include experience running a bug bounty program and understanding HIPAA requirements related to application security.

How does Rula support employee work-life balance for the Sr. Application Security Engineer position?

At Rula, we prioritize work-life balance. The Sr. Application Security Engineer role offers a fully remote work environment with flexible hours to support both personal and professional commitments. We also provide generous time-off policies, including two company-wide shutdown weeks each year, and paid parental leave for all parents, ensuring that our employees can recharge and focus on their well-being.

What impact will the Sr. Application Security Engineer role have on mental healthcare at Rula?

The Sr. Application Security Engineer plays a crucial role in protecting sensitive patient data, which directly impacts the quality of mental healthcare at Rula. By ensuring a secure platform, you contribute to creating a safe environment for both patients and providers. Your work promotes trust in Rula’s technology, allowing us to focus on making mental health care accessible and effective for everyone.

What career development opportunities does Rula offer for the Sr. Application Security Engineer?

At Rula, we offer numerous career development opportunities for the Sr. Application Security Engineer position, including access to wellness events, lunch and learns, and funding for team-building activities. You’ll also have the chance to engage in cross-department projects that enhance your skills while promoting a culture of inclusion and diversity, allowing for personal and professional growth within the organization.

Common Interview Questions for Sr. Application Security Engineer (Remote)
Can you describe your experience with OWASP Top 10 in previous roles?

In previous roles, I have utilized the OWASP Top 10 as a framework to identify and address common vulnerabilities in applications. I regularly conducted security assessments which involved analyzing code and configurations to ensure compliance with OWASP guidelines, and I implemented fixes and preventative measures based on this knowledge.

How do you approach threat modeling in application security?

My approach to threat modeling involves identifying potential threats early in the software development lifecycle. I collaborate with development teams to understand the architecture, then systematically identify possible attack vectors using tools like STRIDE or DREAD, which helps prioritize vulnerabilities based on risk level.

What experience do you have with SAST and DAST tools?

I have extensive experience using both Static Application Security Testing (SAST) tools like Checkmarx and Dynamic Application Security Testing (DAST) tools such as OWASP ZAP. I incorporate these tools into CI/CD pipelines to automate security checks and ensure vulnerabilities are caught before production.

Can you give an example of how you implemented a bug bounty program?

Absolutely! At my previous employer, I led the initiation of a bug bounty program by first establishing clear scope and guidelines. Then, I partnered with a platform to launch it, promoting it within the security community to attract ethical hackers. Regular communication and transparency about findings and fixes were key to the program's success.

How do you ensure compliance with HIPAA in your security practices?

Compliance with HIPAA starts with understanding and implementing its regulations in all technical designs. I routinely conduct security audits and training sessions, and I work closely with legal and compliance teams to ensure all aspects of application security meet HIPAA standards.

What steps do you take to stay updated with the latest security threats?

I actively participate in security forums, attend industry conferences, and subscribe to relevant newsletters. Additionally, I dedicate time to continuous learning through online courses and certifications, which helps me stay informed about emerging threats and best practices.

How do you handle a security incident once identified?

Upon identifying a security incident, my first step is to contain the threat to prevent further exposure. Then, I analyze the incident to understand its cause and the extent of the damage. After remediation, I collaborate with teams to update protocols and improve security measures to prevent similar incidents in the future.

What programming languages do you feel are essential for app security?

Programming languages that are essential for application security primarily include JavaScript, TypeScript, Node.js, and Ruby, as these are commonly used in web applications. A solid understanding of these languages allows for better code reviews and vulnerability assessments.

How do you communicate security issues to non-technical teams?

Communicating security issues to non-technical teams involves simplifying complex concepts without diluting the urgency. I use analogies and relatable scenarios to illustrate the risks and then provide clear action items to help teams understand how they can contribute to the solution.

What role do third-party penetration testers play in your security strategy?

Third-party penetration testers are crucial as they provide objective assessments of my applications’ security posture. I rely on their expertise to validate my findings, uncover new vulnerabilities, and create robust remediation plans to strengthen our defenses.


Rula's mission is to make mental healthcare work for everyone.

Employment type: Full-time, remote
Date posted: March 29, 2025
