Let’s get started
By clicking ‘Next’, I agree to the Terms of Service
and Privacy Policy
Jobs / Job page
Application Security Engineer image - Rise Careers
Job details

Application Security Engineer

Solace is a healthcare advocacy marketplace that connects patients and families to experts who help them understand and take charge of their personal health.

🔥 About Solace

By harnessing the power of human connection through technology, Solace is transforming healthcare in the U.S.

Healthcare in the U.S. is fundamentally broken. The system is so complex that 88% of U.S. adults do not have the health literacy necessary to navigate the system without help. By helping people work with professional health advocates, Solace serves as an integral, personal support layer for health issues in a way that the health system can’t. Using proprietary technology to match patients with experienced advocates, Solace cuts through the red tape of healthcare and helps individuals and families make informed decisions that result in better outcomes.

Solace is a Series B startup founded in 2022 and backed by Inspired Capital, Craft Ventures, Torch Capital, Menlo Ventures and Signalfire. We have a lean, fully-remote U.S. team distributed coast-to-coast.

Check out our recent funding announcement in the WSJ here.

🧑‍💻 About the Role

We’re looking for a Web Security Engineer to join our team and lead the charge in securing our patient-facing and internal web applications. You’ll be responsible for protecting sensitive health data, staying ahead of evolving threats, and shaping the security posture of a platform that directly impacts patients' lives.

This role is a critical hire as we continue to scale—balancing agility and speed with robust, scalable security practices.

What You’ll Do

  • Own web application security across all our products and services (React, Node.js, PostgreSQL, Heroku).

  • Promote a security-first culture within the organization by enforcing secure coding practices.

  • Analyze new and existing features for potential security risks.

  • Conduct regular threat modeling, vulnerability assessments, and penetration testing (both automated and manual).

  • Work cross-functionally with engineering, DevOps, and compliance teams to ensure HIPAA, SOC 2, and general data privacy adherence.

  • Monitor, detect, and respond to potential threats in real-time.

  • Lead investigations of security incidents and breaches and perform root cause analysis and support post-incident remediation and reporting.

  • Stay current on web vulnerabilities (e.g., OWASP Top 10) and mitigate them proactively.

  • Help foster a security-first culture through training, documentation, and mentorship providing guidance and training to engineering and product teams on secure development practices.

What You Bring to the Table

  • Experience working in a start-up environment.

  • 5+ years of experience in web application security or related engineering roles.

  • Proficiency with secure web development and auditing practices (e.g., input validation, authentication/authorization mechanisms, encryption in transit and at rest).

  • Experience with threat modeling, vulnerability scanning tools, and manual security testing.

  • Familiarity with regulatory/compliance frameworks.

  • Experience in healthcare or other regulated industries and knowledge of implementing HIPAA compliant software.

Up for the Challenge?

We look forward to meeting you.

Fraudulent Recruitment Advisory: Solace Health will NEVER request bank details or offer employment without an interview. All legitimate communications come from official @solace.health emails only. Report suspicious activity to hiring@solace.health.

Average salary estimate

$165000 / YEARLY (est.)
min
max
$150000K
$180000K

If an employer mentions a salary or salary range on their job, we display it as an "Employer Estimate". If a job has no salary data, Rise displays an estimate if available.

What You Should Know About Application Security Engineer, Solace

Are you ready to make a tangible impact in the healthcare sector? Join Solace as an Application Security Engineer and become a vital part of our mission to transform how individuals navigate health challenges. At Solace, we understand that the U.S. healthcare system can be overwhelming, and we’re here to bridge that gap. You will take charge of securing our web applications, ensuring that sensitive patient data stays protected against evolving threats. Your expertise in web security will help us enforce secure coding practices across our products, making sure that everyone—from our engineers to our product teams—understands the importance of a security-first culture. You’ll be conducting regular threat assessments and penetration tests, all while collaborating across functions to maintain compliance with HIPAA and SOC 2 standards. With your robust experience in web application security, you'll have the opportunity to shape our security posture and lead investigations into security incidents when they arise. If you're excited about working in a start-up environment and have a passion for helping people, Solace could be the perfect fit for you. Join us remotely and help reimagine healthcare while developing cutting-edge solutions in web security. Ready for the challenge? We’re thrilled to meet you!

Frequently Asked Questions (FAQs) for Application Security Engineer Role at Solace
What are the main responsibilities of an Application Security Engineer at Solace?

As an Application Security Engineer at Solace, you will be responsible for owning web application security across all our platforms. This includes promoting secure coding practices among teams, analyzing features for potential security risks, conducting vulnerability assessments, and implementing real-time threat detection protocols. You'll collaborate with engineering and compliance teams to ensure adherence to regulations like HIPAA and SOC 2, making your role crucial for the integrity of patient data.

Join Rise to see the full answer
What qualifications do I need to become an Application Security Engineer at Solace?

To join Solace as an Application Security Engineer, you'll need a minimum of 5 years of experience in web application security or related roles, particularly in startups. Proficiency in secure web development practices, experience with threat modeling and vulnerability scanning tools, and familiarity with compliance frameworks are essential. A background in healthcare or regulated industries will also be a significant advantage, as you will help implement HIPAA-compliant solutions.

Join Rise to see the full answer
How does Solace promote a security-first culture within the organization?

At Solace, promoting a security-first culture is vital. As an Application Security Engineer, you will reinforce secure coding practices and conduct training sessions to educate engineering and product teams about security protocols. Your role will involve creating documentation and resources that champion security awareness and the importance of developing secure applications, ensuring everyone understands their part in safeguarding patient information.

Join Rise to see the full answer
What tools and methodologies are used by the Application Security Engineer at Solace?

In the role of Application Security Engineer at Solace, you will work with various tools for vulnerability scanning, threat modeling, and penetration testing. Familiarity with frameworks like OWASP Top 10 is important, and you’ll likely employ both automated and manual testing methodologies. Moreover, leveraging technologies such as React, Node.js, and PostgreSQL will be essential as you secure our web applications.

Join Rise to see the full answer
Can you describe the work environment for an Application Security Engineer at Solace?

The Application Security Engineer position at Solace offers a fully remote working environment, allowing you to collaborate with a diverse team distributed across the U.S. This lean startup is rooted in innovation and agility, requiring you to thrive in a fast-paced atmosphere while implementing robust security practices to protect our users. You’ll often communicate cross-functionally with multiple teams, making collaboration key to success in this role.

Join Rise to see the full answer
Common Interview Questions for Application Security Engineer
What is your experience with securing web applications?

When answering this question, highlight your relevant years of experience in web application security and provide specific examples of projects where you successfully secured applications. Discuss the tools and technologies you've used, such as threat modeling and vulnerability assessment frameworks, and how your efforts led to measurable improvements in security posture.

Join Rise to see the full answer
How do you stay informed about the latest web vulnerabilities?

Discuss your methods for staying current with industry trends, such as following reputable security blogs, attending webinars, or participating in professional forums. You could mention specific resources like OWASP or security-focused newsletters and how they help you apply best practices to your work at Solace.

Join Rise to see the full answer
Can you explain the OWASP Top 10 and its relevance?

When asked about the OWASP Top 10, clearly outline each vulnerability listed and why it's critical for web security. Emphasize how this knowledge informs your approach to risk assessment and secure coding practices, ensuring you can proactively mitigate these issues within Solace's applications.

Join Rise to see the full answer
Describe a time when you had to handle a security incident.

Use the STAR method (Situation, Task, Action, Result) to structure your response. Outline the incident, your role in addressing it, the specific actions you took to manage it, and the outcomes of those actions—especially focusing on what you learned and how you applied it to improve security practices afterward.

Join Rise to see the full answer
What tools and methodologies do you prefer for penetration testing?

Discuss the specific tools you're proficient in, whether automated or manual, and explain why you prefer them. Provide examples of how you've effectively used these tools in past roles to identify and address vulnerabilities in web applications, drawing connections to your future work at Solace.

Join Rise to see the full answer
How do you promote secure coding practices within a team?

Explain your approach to fostering a security-centric mindset among colleagues. This could include conducting workshops, creating documentation, or implementing coding standards. Share specific instances where your initiatives resulted in improved security awareness or compliance within your team.

Join Rise to see the full answer
Can you describe your experience with compliance frameworks like HIPAA?

Highlight your practical experience with compliance frameworks, particularly HIPAA, and outline your understanding of how to implement and sustain compliance in software development processes. Illustrate this with examples of challenges you faced and how you overcame them while ensuring data privacy.

Join Rise to see the full answer
What strategies do you use for effective threat modeling?

Discuss the methodologies you apply for threat modeling, such as STRIDE or PASTA, and explain how you prioritize vulnerabilities based on risk impact. Share a specific example of how your threat modeling process has helped reduce risk in a previous project.

Join Rise to see the full answer
How do you handle conflicting priorities in a fast-paced environment?

Be honest about your strategies for prioritizing tasks when managing multiple responsibilities. You might discuss tools you use, such as project management software, and how you communicate with stakeholders to ensure alignment on security goals while keeping projects on track.

Join Rise to see the full answer
What excites you about working as an Application Security Engineer at Solace?

Share your passion for the convergence of healthcare and technology and how Solace's mission resonates with your values. Express your eagerness to contribute to impactful work that protects patient information and enhances their experience in navigating health challenges.

Join Rise to see the full answer
Similar Jobs
Photo of the Rise User
Solace Remote No location specified
Posted 9 days ago

Join Solace as a Technical Recruiter to drive the recruitment of engineering talent for a mission-driven healthcare advocacy startup.

Photo of the Rise User
Highmark Health Remote PA, Working at Home - Pennsylvania
Posted 9 days ago

We are looking for a seasoned Senior Architect to spearhead innovative architecture solutions that align with our business capabilities at enGen.

GE Grid Solutions is seeking a Lead OT Cyber Security Engineer to enhance security protocols in high voltage systems for renewable energy projects.

Photo of the Rise User
Posted 13 days ago

Join Capgemini as a Semi Senior Application Support Analyst and contribute to advancing applications for one of the largest insurance carriers in the U.S.

Photo of the Rise User
Posted 11 days ago

Join CyberArk as an IT Business Solution Specialist to drive the enhancement of finance applications and systems.

Photo of the Rise User
Posted 2 days ago

Join Arthrex as a Sr SAP PP/QM Business Systems Analyst and contribute to process improvements in a dynamic manufacturing environment.

Posted 14 days ago

Indiana Wesleyan University is on the lookout for an inspiring VP and CIO to advance their mission through innovative technology leadership.

Photo of the Rise User
General Dynamics Information Technology Hybrid US, Arlington County, VA; Virginia, Arlington, VA
Posted 9 days ago

GDIT seeks a seasoned Acquisition Security Analyst to enhance the security of advanced technology programs through innovative risk management strategies.

Photo of the Rise User
7 Kings Code Remote Baton Rouge, LA
Posted 5 days ago

Join IBM as an SAP SCM (MM) Lead, leveraging your expertise to drive successful project outcomes while initially working remotely.

Solace makes hardware and software message routers that efficiently move real-time information between distributed applications, devices and users over all kinds of local and global networks. Solace technology unifies many kinds of data movement s...

13 jobs
MATCH
Calculating your matching score...
FUNDING
SENIORITY LEVEL REQUIREMENT
TEAM SIZE
EMPLOYMENT TYPE
Full-time, remote
DATE POSTED
April 21, 2025

Subscribe to Rise newsletter

Risa star 🔮 Hi, I'm Risa! Your AI
Career Copilot
Want to see a list of jobs tailored to
you, just ask me below!
LATEST ACTIVITY
Photo of the Rise User
Someone from OH, Cincinnati just viewed Machine Learning Engineer at Allstate
Photo of the Rise User
Someone from OH, Twinsburg just viewed Data Analyst/Power BI Developer at Datadog
Photo of the Rise User
Someone from OH, Cuyahoga Falls just viewed Small Fleet Underwriter at HDVI
Photo of the Rise User
Someone from OH, Dublin just viewed Product Designer, Entry Level at Govini
Photo of the Rise User
Someone from OH, Columbus just viewed Support Associate-7 at Tory Burch
Photo of the Rise User
Someone from OH, Columbus just viewed Project Manager at Treering
Photo of the Rise User
Someone from OH, Columbus just viewed Product Manager, Assessment Student Experience at Ellevation
Photo of the Rise User
Someone from OH, Hamilton just viewed Team Member Travel Coordinator at Allegiant
Photo of the Rise User
Someone from OH, Toledo just viewed IT Telecom Administrator at Anduril Industries
Photo of the Rise User
Someone from OH, Kent just viewed Director, Strategic Partnerships at Teaching Lab