S
New
USD 180000-205500/yr

Senior Application Security Engineer II

Remotesenior
EngineeringSecurity Engineer
0 views0 saves0 applied

Quick Summary

Key Responsibilities

Contribute to the advancement of secure-by-design practices within the team’s S-SDLC program, including participation in architecture reviews, design consultations,

Technical Tools
EngineeringSecurity Engineer

Spring Health is a global mental health company on a mission to eliminate every barrier to mental health. We're building a world where getting support is simple, personal, and built around the person, so care can continue through every job, move, health plan, and life stage.

Our AI-native platform helps us deliver personalized support across self-guided tools, coaching, therapy, medication management, and specialty care. With outcomes independently validated by JAMA Network Open and the Validation Institute, Spring Health reaches more than 170 million people worldwide through leading employers, health plans, and partners.

As an AI-native company, we believe technology should expand the reach, quality, and humanity of care. Every Spring Health team member is expected to use AI tools thoughtfully, apply human judgment to AI outputs, and keep building AI fluency in ways that support their role and our mission.

Spring Health is looking for a Senior Application Security Engineer II to join our growing Application Security team. Reporting to the Manager, Application Security, you will play a key role in maturing and expanding our AppSec programs — including established SAST, SCA, and DAST capabilities — while helping shape new initiatives such as a Secure AI Development Lifecycle (ADLC). You will work alongside a team of engineers who have laid a strong foundation, bringing your experience to help take these programs to the next level.

This is a full-time, fully remote position open to candidates residing within the United States. Occasional travel to our NYC headquarters may be required.

Responsibilities

~2 min read
  • Contribute to the advancement of secure-by-design practices within the team’s S-SDLC program, including participation in architecture reviews, design consultations, and security guidance across the development lifecycle.
  • Mentor engineers on secure coding practices, AppSec fundamentals, and career growth, fostering a collaborative environment where the team grows stronger together.
  • Facilitate the development of an AI-assisted threat modeling program, spanning risk identification, security architecture, and proactive program maturity, enabling the ability to scale threat modeling across the organization.
  • Contribute to maturing the team’s established SAST, SCA, and DAST programs through rule tuning, coverage improvements, and identifying opportunities to strengthen security controls as the organization scales.
  • Perform security-focused code reviews of internal and open-source libraries, prioritizing findings by exploitability and business impact.
  • Support vulnerability remediation efforts by assessing impact, proposing solutions, and validating fixes in accordance with the team’s established remediation workflows.
  • Identify and implement process improvements and security automation using languages such as Go, Python, JavaScript, or Ruby, including the integration of AI tooling to improve team workflows and program efficiency.
  • Contribute to security assessments of AI-integrated product features, including LLM APIs, vector databases, and RAG pipelines, with a focus on risks such as prompt injection, data leakage, and model supply-chain vulnerabilities.
  • Contribute to the research, design, and development of a Secure AI Development Lifecycle (ADLC) in accordance with the OWASP Top 10 for LLM Applications and emerging adversarial ML guidance.
  • Evaluate and recommend AI-assisted security tooling, including AI-augmented SAST and LLM-powered code review, to improve program coverage and team efficiency.
  • Demonstrated improvements to the team’s SAST, SCA, and DAST programs through rule tuning, noise reduction, and coverage expansion within the first 90 days.
  • Delivery of a documented AI-assisted threat modeling program and foundational ADLC framework, including defined processes, tooling recommendations, and adoption milestones.
  • Consistent adherence to team SLAs for vulnerability triage and remediation, with measurable contributions to reducing time-to-remediation for high and critical findings.
  • Delivered security automation and AI tooling integrations that produce measurable improvements to program efficiency or engineering team experience.
  • Completed security assessments of AI-integrated product features with documented findings, risk ratings, and remediation guidance delivered to engineering teams.
  • 7+ years of professional experience in application security or a closely related security engineering discipline, including experience working on complex, ambiguous problem areas independently.
  • Hands-on experience with DAST, SAST, and SCA tools, and manual testing techniques (OWASP, SANS Top 25).
  • Demonstrated experience securing CI/CD pipelines with commercial and custom-built tooling.
  • Experience with IaaS cloud infrastructure (AWS, Azure, or GCP), container technologies, and service-oriented architectures.
  • Security automation experience in at least one of: Go, Python, JavaScript, or Ruby.
  • Familiarity with AI/ML security concepts — prompt injection, adversarial inputs, model supply-chain risks, and the OWASP LLM Top 10.
  • Working knowledge of AI and LLM tooling (e.g., OpenAI, Anthropic, LangChain, or equivalent) sufficient to assess security risk and integrate into automated workflows.
  • Experience implementing controls aligned to NIST CSF, HIPAA, HITRUST, ISO-27001, or SOC-2.
  • Strong cross-functional collaboration skills, with experience working alongside engineering, product, and leadership stakeholders to define and advance security priorities and plans.
  • Bachelor’s degree in Computer Science, Engineering, MIS, IT, or equivalent work experience.

Nice to Have

~1 min read
  • 3+ years of demonstrated experience in security architecture, including designing and reviewing security controls across cloud-based, distributed, or service-oriented systems.
  • Experience leading or contributing to the development of a formal threat modeling program, including tooling selection, methodology design, and adoption across engineering teams.
  • Hands-on experience evaluating or implementing AI security tooling, including AI-augmented testing, LLM security assessments, or automated risk analysis.
  • Experience managing a bug bounty or vulnerability disclosure program.
  • Experience in digital health, healthcare technology, or other HIPAA-regulated environments.

The target base salary range for this position is $180,000 - $205,500, and is part of a competitive total rewards package including stock options and benefits. Individual pay may vary from the target range and is determined by a number of factors including experience, location, internal pay equity, and other relevant business considerations. We review all employee pay and compensation programs annually using Radford Global Compensation Database at minimum to ensure competitive and fair pay. 

What We Offer

~2 min read

Note: We have even more benefits than listed here and below, your recruiter will provide more in-depth information as you continue in the interview process. Benefits are subject to individual plan requirements and eligibility criteria.

Health, Dental, Vision benefits start on your first day at Spring. You and your dependents also receive access to One Medical accounts HSA and FSA plans are also available, with Spring contributing up to $1K for HSAs, depending on your plan type.
Employer sponsored 401(k) match of up to 2% for retirement planning
A yearly allotment of no cost visits to the Spring Health network of therapists, coaches, and medication management providers for you and your dependents.
We offer competitive paid time off policies including vacation, sick leave and company holidays.
At 6 months tenure with Spring, we offer parental leave of 18 weeks for birthing parents and 16 weeks for non-birthing parents.
Access to Noom, a weight management program—based in psychology, that’s tailored to your unique needs and goals.
Access to fertility care support through Carrot, in addition to $4,000 reimbursement for related fertility expenses.
Access to Wellhub,  which connects employees to the best options for fitness, mindfulness, nutrition, and sleep in one subscription
Access to BrightHorizons, which provides sponsored child care, back-up care, and elder care
Up to $1,000 Professional Development Reimbursement a year.
$200 per year donation matching to support your favorite causes.

Location & Eligibility

Where is the job
Worldwide
Fully remote, anywhere in the world
Who can apply
Open to applicants worldwide

Listing Details

Posted
July 15, 2026
First seen
July 15, 2026
Last seen
July 15, 2026

Posting Health

Days active
0
Repost count
0
Trust Level
67%
Scored at
July 15, 2026

Signal breakdown

freshnesssource trustcontent trustemployer trust
Newsletter

Stay ahead of the market

Get the latest job openings, salary trends, and hiring insights delivered to your inbox every week.

A
B
C
D
Join 12,000+ marketers

No spam. Unsubscribe at any time.

S
Senior Application Security Engineer IIUSD 180000-205500