Linus Health

Application Security Engineer

Boston, MA, USA | 
  • Full-time,
Published on: May 29, 2021


The Company

We are a human-centered digital health company that seeks to radically improve brain health outcomes by leveraging cutting-edge technology and machine learning to unlock precision brain health for as many people as possible. While we are steadfastly focused on individuals’ brain health, we believe that meaningful outcomes can only be achieved within an ecosystem of care that actively includes and engages physicians, professionals and caregivers. We are a team of 30+ and are embarking on an exciting period of accelerated growth, and invite qualified, collaborative, self-driven and impact-oriented professionals to join our dynamic and fast-growing team.


  • provide security guidance on web and mobile applications backed by a RESTful microservices architecture hosted in the cloud

  • establish policies and procedures for insuring code security including testing frameworks integrated into CI/CD pipelines

  • drive internal security and privacy initiatives including documenting and communicating policies for compliance

  • conduct regular security assessments of our apps and architecture

  • analyze, assess, and respond to discovered vulnerabilities

  • coordinate with partners in incident response

Skills and Qualifications

  • B.S. in Computer Science or equivalent experience

  • 3+ years experience developing process and policy for Secure Development Lifecycle Management, Application Security (WWW and Mobile), Cloud Security, Risk and Compliance

  • strong experience with implementing successful and effective SDLC program with high level of automation

  • experience with code scanning and testing frameworks such as owasp, veracode or blackduck

  • experience securing AWS infrastructure using tools like Audit Manager, Inspector, CloudFormation for regulations such as HIPAA, SOX, GDPR, PCI, Global security mandates

  • experience performing Threat Modeling and integrating threat modeling practices into the product life cycle

  • experience in performing architecture and source code reviews for security issues

  • familiarity with javascript, node.js, iOS and Android apps

  • experience testing apps backed by AWS technologies such as IAM, api gateway, cognito, s3, lambda, eks, etc.

  • familiarity with security considerations and configurations for production apps including isolating and securing environments using network configurations, IAM roles, security groups, bastion hosts or amazon workspaces, firewall setups

  • experience with testing frameworks (e.g. jest, mocha, jasmine) and techniques for unit, integration, and e2e testing for web applications as well as CI/CD pipelines

  • familiarity with  infrastructure as code and automation best practices

What We Offer

  • an opportunity to have a lasting impact on the way people and communities engage with brain and mental health, and even to affect the prognosis of people’s mental and brain health trajectory

  • experience-based market salary & benefits

  • an exciting, dynamic start-up atmosphere

  • a flexible work environment around hubs in Boston, San Diego, and Toronto (remote applicants will be considered)