Application Security Engineer

Collective Health, San Francisco

Leading the healthcare evolution

Our security team at Collective Health is at the heart of the company’s success. We spend a lot of time actively working with the broader community instead of opposing them, and we find that it passes off in spades. As part of the security team you’ll be responsible for ensuring the success of a collaborative security pipeline we’ve built out and actively encourage and promote the security internal SDLC we have here.


  • Augmenting our Continuous Integration and Continuous Deployment pipeline to include better security controls
  • Perform code audits on internal and open source libraries for inclusion in our products
  • Assist in the architecting of new products, features and capabilities
  • Partner with shareholders from the various teams we have here in order to ensure good security outcomes
  • Network and application vulnerability assessments
  • Provide detailed explanations of the security issues found and ensure that those responsible for fixing them have a firm grasp of the fixes that needs to be implemented
  • Provide technical leadership and mentorship on security topics
  • Contribute to the security industry through open source software, research, white papers or presentations

Minimum Qualifications

  • Experience programming in one or more of the following languages: Python, Go or Java
  • Experience working with Cloud networks (AWS, GCP, DO, AZURE)
  • Experience with common attack scenarios in various common layers within our infrastructure (cloud-based issues, code quality, insider threat, etc)
  • Deep understanding of information security principles
  • Practical experience conducting web application security reviews and network-based penetration testing

Desired Qualifications

  • Understanding of a wide range of vulnerability classes
  • Strong development experience in the security field (custom tools etc)
  • Published work in the vulnerability research or information security field
Collective Health is a technology company simplifying employer healthcare to make health insurance work for everyone. With more than 200,000 members and over 45 enterprise clients—including Pinterest, Red Bull, Restoration Hardware, Activision Blizzard, and more—our technical and customer experience teams are reinventing the healthcare experience for forward-thinking employers and their people across the U.S.

Collective Health is headquartered in San Francisco, CA, with additional offices in Chicago, IL, and Lehi, UT. Founded in 2013, Collective Health is backed by the SoftBank Vision Fund, DFJ Growth, PSP Investments, NEA, GV, G Squared, Founders Fund, Maverick Ventures, Mubadala Ventures, Sun Life, and other leading investors. For more information, visit us at https://www.collectivehealth.com

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.


About Collective Health

While medical technology continues to take giant steps forward, somehow the systems driving health coverage are still stuck in the past. The experience we have today is confusing. It’s painful. And we all deserve better. Collective Health was founded on the belief that better is possible. Driven by our mission to make understanding, navigating, and paying for care effortless, we’ve evolved the way health benefits work. More than 155 million Americans count on an employer for coverage. That's why, with the technology to create a more intelligent solution and the compassion to know that every person matters, we deliver a connected healthcare experience for companies who want the best for their employees.

Want to learn more about Collective Health? Visit Collective Health's website.