Senior Application Security Engineer, AI & Product Security

United States·SeattleFull Timesenior

EngineeringSecurity Engineer

0 views0 saves0 applied

Apply Now

Quick Summary

Overview

ABOUT ARTERA Our Mission: Make healthcare #1 in customer service. What We Deliver: Artera, a SaaS leader in digital health, transforms patient experience with AI-powered virtual agents (voice and text) for every step of the patient journey.

Technical Tools

awsazuregcpterraformci-cdfintechhealthtechsaas

ABOUT ARTERA

Our Mission: Make healthcare #1 in customer service.

What We Deliver: Artera, a SaaS leader in digital health, transforms patient experience with AI-powered virtual agents (voice and text) for every step of the patient journey. Trusted by 1,000+ provider organizations — including specialty groups, FQHCs, large IDNs and federal agencies — engaging 100 million patients annually. Artera’s virtual agents support front desk staff to improve patient access including self-scheduling, intake, forms, billing and more. Whether augmenting a team or unleashing a fully autonomous digital workforce, Artera offers multiple virtual agent options to meet healthcare organizations where they are in their AI journey. Artera helps support 2B communications in 109 languages across voice, text and web. A decade of healthcare expertise, powered by AI.

Our Impact: Trusted by 1,000+ provider organizations — including specialty groups, FQHCs, large IDNs and federal agencies — engaging 100 million patients annually. Hear from our CEO, Guillaume de Zwirek, about why we are standing at the edge of the biggest technological shift in healthcare’s history!

Our award-winning culture: Our award-winning culture: Since founding in 2015, Artera has consistently been recognized for its innovative technology, business growth, and named a top place to work. Examples of these accolades include: Inc. 5000 Fastest Growing Private Companies (2020, 2021, 2022, 2023, 2024); Deloitte Technology Fast 500 (2021, 2022, 2023, 2024, 2025); Built In Best Companies to Work For (2021, 2022, 2023, 2024, 2025, 2026). Artera has also been recognized by Forbes as one of “America’s Best Startup Employers,” Newsweek as one of the “World’s Best Digital Health Companies,” and named one of the top “44 Startups to Bet your Career on in 2024” by Business Insider.

Applicants must be currently authorized and have the ability to provide proof of full-time, long-term authorization to work in the United States. We are unable to provide visa sponsorship or support visa transfers now or in the future.

ABOUT THE OPPORTUNITY

Artera is seeking a hands-on Senior Application Security Engineer, AI & Product Security to work alongside our AI builders and Systems Engineers to threat-model agentic and LLM-powered features, harden PHI/PII-handling workflows, and ship the "paved road" tooling (secure SDLC guardrails, prompt/agent-identity patterns, SAST/DAST/SCA in CI/CD) that keeps innovation fast and safe.

This is a frontier role. You'll be operating where AI security is still being defined — translating policy into code, building guardrails for agent identity and prompt/output filtering, and giving our team the logging, scanning, and safe tool-use patterns. Artera Security finds the secure path and ships it with our AI Builders and System Engineers.

This role is based in our Seattle, WA office. In-person collaboration is intentional – you'll be working shoulder-to-shoulder with our AI builders, Systems Engineers, and security leadership as we build Artera's Seattle tech hub.

This role supports federal-facing systems and contributes to enterprise security functions. Candidates must meet eligibility for a government background check and follow strict data protection, access control, and incident response protocols. Familiarity with regulatory frameworks is expected. Ongoing compliance training and evidence-based documentation may be required.

AI Threat Modeling: Threat-model agentic and LLM-powered features end-to-end: data ingress/egress, agent identity, tool-use boundaries, and the unique risks that come with frontier AI work

Paved Road Tooling: Build the secure SDLC paved road — secure SDLC guardrails, prompt/agent identity patterns, secrets management, PHI/PII redaction patterns

Security Gates: Embed SAST, DAST, SCA, and infrastructure scanning into CI/CD so security gates are part of the pipeline, not an afterthought

AI Monitoring Strategy: Identify and pilot an AI monitoring tool to fill the gap our current tooling (Zscaler) doesn't cover

Policy -> Practice: Translate existing security policy into safe tool-use patterns for the Artera Primitives team, Systems Engineers, and other AI Builder squads

Cross Functional Partnership: Partner cross-functionally with DevOps, Systems Engineering, and the AI builder teams — meeting AI Builders and engineers in the middle and finding the secure path forward, not the "no" path

Security Ownership: Own AWS identity and access management patterns, secrets management, and security tooling decisions in our AWS environment. Collaborate with System Engineers / DevOps on implementation.

Security Framework Application: Apply frameworks like MITRE ATT&CK, MITRE ATLAS, OWASP Top 10, and OWASP LLM Top 10 to architectural decisions.

AppSec Tenure: 6–10 years in Application Security, with a hands-on engineering orientation

LLM & Agent Security: Demonstrable experience with LLM and agent security — OWASP LLM Top 10, MITRE ATLAS, prompt/output filtering, agent identity, and tool-use risk

Threat Modeling Expertise: You’ve built end-to-end threat models for production platforms and translated them into corrective controls

Pipeline Scanning Tools: SAST, DAST, and infrastructure scanning tools in production CI/CD environments

Shift-Left Security Experience: Taking policy, codifying it as infrastructure-as-code (Terraform), and gating CI/CD pipelines on security findings

Cloud Depth: Significant AWS experience (GCP or Azure background acceptable; AWS is learnable, but cloud depth is required)

Regulated Environment Experience: Background in regulated environments — healthcare (HIPAA/HITRUST), federal (FedRAMP), or fintech (PCI)

Collaborative Communicator: Strong cross-functional communicator;able to partner with engineers and AI builders, find the secure path together.

Agentic AI Modeling: Direct experience threat modeling agentic AI systems (rare — but if you have it, you're the cherry on top)

Agentic Platform Exposure: AWS Agent Core, MCP, or similar agent-platform exposure

Growth Stage AI Experience: Experience at a growth-stage company (~50–500 people) that has already adopted agentic AI

Fintech to Agentic Path: Background in fintech transitioning into agentic systems (a common path into this kind of work today)

AI Monitoring Tool Ownership: Past ownership of an AI monitoring tool rollout or evaluation