Security Engineer (Ruby on Rails)
About the Role
We're looking for you to join our team as a Security Engineer to help support and grow our security program, working across the organization on a wide variety of projects as we expand access to healthcare and people’s understanding of the resources available to them.
This position can be based anywhere in the United States.
You’re looking for a company where you have the opportunity to pursue your interests across functions and guide your career development. You value having startup experience. You’re looking to quickly make an impact and the focus is on building out solid security practices and a commitment to excellence. You have strong problem-solving skills and experience working on application security for a cloud-based product. You like to implement security features and fix bugs when you aren't finding vulnerabilities. You are humble, eager to learn, and always willing to help others. You understand the importance of iterating quickly and that building means doing the dirty work. You want teammates who enjoy solving problems regardless of the technologies and techniques involved. You believe that better and accessible mental health care is meaningful and worthwhile.
About the Role
You enjoy collaborating with engineers and building out actionable policies and practices.
You have experience with multiple frontend and backend frameworks and are comfortable identifying and resolving security issues.
You have deep knowledge of API security best practices.
You have experience integrating threat modeling throughout the application development lifecycle.
You have experience in mobile application specific application security.
You believe in automation and you understand the importance of shipping, often.
You have implemented security best practices in AWS S3/KMS and SaaS integrations (Google Workspace, Snowflake, Cloudflare, etc.)
You could explain DAST, SAST, IAST to our C-suite as well as help us make the best use of the appropriate technology.
You aren’t afraid to dive in for incident response and investigations and help use the lessons from our worst days to make our every day better.
You'll be successful with the following qualifications:
The following certifications will help you stand out.
SANS GWEB, GWAPT
Minimum of 1-3 years related work experience in Application security, development or equivalent role.
Minimum of 1-3 years of experience working in Ruby on Rails / Security
Building and breaking modern applications (SPAs, mobile apps, APIs, webhooks, etc.) in modern processing environments (CDN, WAF, API gateways, etc).
Strong working knowledge of Docker and Linux environments
Establishing application security practices and technical pipelines, especially integrating useful controls in CI/CD pipelines both on-premise and cloud environments.
Working with engineering teams to balance ongoing product feature development, technology limitations with security concerns.
Conducting or being the subject of privacy and/or security audits.
Ability to produce high quality documentation, reports, procedures and technical specifications to communicate with a wide range of stakeholders.
Effective at engaging with teams in various functions and across different levels
Strong organizational skills and ability to prioritize and manage multiple projects simultaneously.
Excellent analytical and writing skills with an emphasis on communicating complex issues across a wide audience.
Experience working in an environment that processes PHI and with applicable standards, such as: NIST Privacy Framework, ISO/IEC 27701, ISO 27001, HIPAA, HITRUST, SOC 2.
Prior experiences and demonstrated abilities will make you a top candidate for this position. For those with less experience we will also be interested in any education that may help you stand out.
Bachelor's Degree in Computer Science, Information Technology or related field
Medical + Dental + Vision + Disability + Life Insurance
14 Paid Holidays + Flexible PTO + Sick Days + Parental Leave
Learning and Development Reimbursement
Health and Wellness Stipend
Home Office Reimbursement
Remote, community-focused culture
Company wide meditations
Group workouts hosted by Brightline employees!
At Brightline we have built a total rewards philosophy that includes fair, equitable, competitive, geo-based compensation that is performance and potential based. Our strategy is based on robust market research, including external advisory specializing in national compensation, and thoughtful input from every level of our organization. It is a combination of a cash salary, equity, benefits, wellbeing, and opportunity. In compliance with the Equal Pay for Equal Work Act, the annual base salary range for applicants is $97,000 -$172,000.
Our Commitment to Building a Diverse, Equitable, and Inclusive Workforce
At Brightline, we believe that Diversity, Equity, Inclusion, and Belonging are essential to the foundation that we build our mission upon. We are compelled to build a future where all families can access inclusive, high-quality care. We are committed to creating an environment that encourages our employees to show up authentically, reach their highest potential, and have an equal opportunity to thrive. We are committed to systematically evaluating and improving our inherent beliefs, observed behaviors, structures, and systems. We are committed to ensuring that every employee, candidate, client, and family we serve is valued and respected.
Brightline is on a mission to build a bright future for every child. We’re convening a team of leading clinicians, technologists, business leaders, and creative thinkers to completely transform what behavioral health care looks like. Together, we’re building exceptional technology and real-world care to bring families a warm, supportive, and goal-oriented experience of care that will help them thrive.
Founded in 2019, Brightline is the leading comprehensive behavioral health platform for families, backed by $215M in funding from leading investors, including Oak HC/FT and Threshold Ventures. As we grow quickly across the country, we’re looking for exceptional team members who, like us, are eager to transform behavioral health in this country and change lives.