Your day to day is...
- Serving as an accessible point of contact for engineering squads, helping teams understand and follow secure development lifecycle guidelines.
- Assisting developers in reviewing and interpreting alerts from static analysis and software composition analysis tools, including helping distinguish true vulnerabilities from false positives.
- Providing clear, actionable guidance on remediating common application security vulnerabilities, including issues aligned to the OWASP Top 10.
- Helping maintain internal security documentation, developer playbooks, and secure coding training materials so that compliance expectations are clear and achievable.
- Supporting application security governance by tracking key security milestones and organizing technical evidence from repositories and deployment pipelines for compliance audits.
- Monitoring application security metrics, including vulnerability patch timelines and policy exceptions, to support regular leadership reporting.
- Working with cutting-edge GenAI tools and technology while supporting AI governance frameworks and helping ensure AI-enabled workflows align with privacy and security guardrails.
You’ll be successful in this role if you have…
- Meaningful experience in an information security role, software engineering position, or IT audit function with an application security focus.
- A foundational understanding of software development processes and how security fits into agile environments.
- Familiarity with code review concepts and comfort reading at least one major language used in cloud environments, such as Python, JavaScript, Go, or Java.
- Basic exposure to cloud environments such as AWS, GCP, or Azure, along with an understanding of Git workflows.
- A conceptual understanding of vulnerability categories and web application security standards.
- An interest in emerging technology trends, especially AI security risks and automated workflows.
- Required: the ability to integrate generative AI tools into daily workflows to automate tasks, foster innovation, and maximize productivity.
- A degree in Computer Science, Cybersecurity, or a related technical field is preferred, though equivalent hands-on experience or certifications such as Security+, GSEC, or CEH are also highly valued.
- Superb communication skills, humility, and a collaborative approach to supporting stakeholders across engineering and security.
Benefits
- Flexible work environment
- Unlimited Vacation
- 100% paid employee health benefit options (including medical, dental, and vision)
- 401(k) with employer funded match
- Corporate wellness program with Wellhub
- Sabbatical leave (for employees with 5+ years of service)
- Competitive paid parental leave and fertility/family planning reimbursement
- Cell phone reimbursement
- Employee Resource Groups and ZocClubs to promote shared community and belonging
- Great Place to Work Certified
Zocdoc is committed to fair and equitable compensation practices. Salary ranges are determined through alignment with market data. Base salary offered is determined by a number of factors including the candidate’s experience, qualifications, and skills. Certain positions are also eligible for variable pay and/or equity.