Senior Manager, Application Security

4 days ago

Included Health

SaaS • B2B • HR Tech

Included Health is a healthcare technology company that delivers personalized, employer- and health-plan-focused primary, urgent, and behavioral health care through a single app and a network of virtual and in-person services. It blends AI-driven tools and human care teams to provide 24/7 care coordination, billing and claims advocacy, second opinions from leading specialists, and mental-health support, with the goal of lowering employer healthcare costs and improving member experience and inclusivity.

1001 - 5000 employees

📋 Description

• Manage, mentor, and grow the Application Security, Vulnerability Management, and Security Assessment teams, fostering a culture of engineering excellence and proactive security ownership.
• Define and execute the application security roadmap, directly contributing to our top priority of preventing PHI exposure.
• Serve as a technical leader and mentor, guiding the team's architectural decisions and fostering engineering excellence in languages like Go and Python.
• Evolve our secure SDLC through the strategic implementation of SAST, DAST, and SCA tooling, focusing on actionable results and a positive developer experience.
• Champion and guide the strategy for modern access control, including Just-In-Time (JIT) access and other least-privilege initiatives, in partnership with the Cloud Security team.
• Oversee key security programs including threat modeling, bug bounty, penetration testing, and vulnerability management.
• Partner with engineering and product leaders to ensure security and privacy are designed into our products from the very beginning.

🎯 Requirements

• 8+ years of experience in security engineering, with at least 3+ years as a direct people manager leading security teams.
• A strong track record of building and scaling Application Security programs in cloud-native SaaS environments (AWS strongly preferred).
• Hands-on-keyboard proficiency in a modern programming language (e.g., Go, Python), with the ability to perform meaningful code reviews and guide technical architecture.
• Demonstrated success leading vulnerability management programs, from detection through remediation and verification.
• Deep experience with the tools and processes used to secure the SDLC, including SAST, DAST, SCA, and CI/CD pipeline integration.
• Proven ability to run effective threat modeling exercises for complex applications and services.
• Excellent communication skills, with the ability to articulate complex security risks and strategies to both technical and executive audiences.
• Experience securing platforms in a regulated healthcare environment and deep familiarity with HIPAA and HITRUST controls.
• Background in running external-facing security programs like bug bounty, responsible disclosure, or customer security reviews.
• Familiarity with Infrastructure as Code (IaC) principles and tools like Terraform, and an understanding of how they influence application security.
• Experience navigating compliance frameworks beyond healthcare, such as ISO 27001 or SOC 2.

🏖️ Benefits

• Remote-first culture
• 401(k) savings plan through Fidelity
• Comprehensive medical, vision, and dental coverage through multiple medical plan options (including disability insurance)
• Paid Time Off ("PTO") and Discretionary Time Off ("DTO")
• 12 weeks of 100% Paid Parental leave
• Family Building & Compassionate Leave: Fertility coverage, $25,000 for surrogacy/adoption, and paid leave for failed treatments, adoption or pregnancies.
• Work-From-Home reimbursement to support team collaboration and home office work
