# Application Security Engineer
**Company:** [AKASA](https://hotfix.jobs/companies/akasa)
**Location:** South San Francisco, CA
**Salary:** $205K-$275K
**Experience:** 5+ years
**Skills:** Python, Go, Java, TypeScript, OWASP Top 10, SAST, DAST, SCA, Kubernetes, AWS, OAuth 2.0, OIDC, SAML, REST, GraphQL
**Posted:** 2026-03-19
> Application Security Engineer conducts secure code reviews, threat modeling, and automates security tooling with AI in CI/CD pipelines to protect patient data systems. Requires 5+ years app sec experience, coding proficiency in modern languages, and cloud/container security knowledge.
## Job Description
## Responsibilities
- Perform secure code reviews, threat modeling, and security design reviews for new features and services.
- Use AI to automate tooling such as SAST, DAST, SCA, secret scanning, and container scanning across our CI/CD pipelines.
- Use AI to triage and validate vulnerability findings from automated tools, penetration tests, and bug bounty submissions. Track remediation to closure.
- Work directly with engineering squads to fix security issues, helping developers understand the “why” and the fix.
- Support third-party penetration tests: scoping, coordination, triage, and follow-through on results.
- Contribute to developer security guides and training grounded in our actual codebase and stack.
- Help maintain and improve our vulnerability management workflows and tracking using AI.
- Support compliance work related to HIPAA and SOC 2 where it touches application and data security.
- Stay current on the threat landscape and flag emerging risks relevant to our technology and industry.

## Requirements
**Must-haves**
- 5+ years of experience in application security.
**Technical Skills**
- Have written production code and can read, review, and critique code in at least one modern language (Python, Go, Java, TypeScript, etc.).
- Solid working knowledge of common vulnerability classes (OWASP Top 10, injection attacks, auth flaws, insecure deserialization, etc.) and how to fix them.
- Hands-on experience with threat modeling and secure code review against real systems.
- Experience working with security tooling in CI/CD pipelines (SAST, SCA, secret scanning, GitHub Actions, etc.).
- Familiarity with cloud environments (AWS) and container/Kubernetes basics from a security angle.
- Working understanding of auth standards (OAuth 2.0, OIDC, SAML) and API security concepts (REST, GraphQL).

**How You Work**
- Collaborative, prefer helping developers fix issues directly.
- Communicate clearly to engineers and product managers.
- Organized enough to juggle multiple findings across teams.
- Comfortable with ambiguity in a fast-moving environment.
- Care about the mission of protecting patient data.

## Nice-to-haves
- Experience in healthcare or health-tech; familiarity with HIPAA Security Rule requirements.
- Exposure to compliance frameworks like SOC 2 Type II, HIPAA, or HITRUST.
- Experience at a company where you’ve worn multiple hats.
- Relevant certifications (OSCP, CSSLP, CEH).

## Compensation
- Salary range: $205,000-$275,000 + Equity.
- Flexible PTO, health/dental/vision coverage, HSA contributions, parental leave, life insurance, home office stipend, cell/internet reimbursement, 401(k).
**Apply:** https://hotfix.jobs/jobs/application-security-engineer-at-akasa-dc964acd-4002-4d12-95e7-906b0f28b026