Security Application Engineer

Remote role Full-time Open position

About Remo

Remo is building the new standard of dementia care by fundamentally changing the care journey for individuals living with dementia and their caregivers (the Dyad). As a virtual dementia care provider, our expert clinical team designs personalized, comprehensive care to serve people with dementia and caregiver needs (instead of a one-size-fits-all approach). We empower family caregivers by connecting them with a vibrant community of other caregivers, expert content, and tools to manage the entire dementia journey – from anywhere, at any time. Our mission is simple – to provide accessible, comprehensive, quality dementia care for every person who needs it.

About the Role

You’ll help us build secure-by-default systems, proactively detect and respond to threats, and guide cross-functional teams through best practices in secure development. Whether it’s tuning SAST tooling in CI, securing Next.js applications, running red-team-style tests, or designing cloud IAM policies, you’ll bring clarity, urgency, and expertise.

We’re looking for someone who’s pragmatic, collaborative, and deeply technical—able to both write Terraform and explain the tradeoffs behind an auth flow. If you’re the kind of engineer who spots security debt before it becomes risk and builds trust by improving the developer experience, we want to talk.

What you’ll be doing

  • Continuously monitor our infrastructure and application surface area for active threats, unauthorized access, and potential vulnerabilities or exposures.

  • Own and evolve our security architecture across GCP and GKE with a focus on Google Assured Workloads.

  • Review and secure Terraform-based infrastructure changes against CIS benchmarks, HIPAA, HITRUST, and other control frameworks.

  • Develop response playbooks, lead incident response efforts, and close the loop quickly when issues arise.

  • Actively respond to and mitigate security incidents in real time.

  • Run internal red-team-style exercises and simulate real-world attacks to harden our defenses before attackers test them.

  • Correlate data across logs, traces, and metrics (we use Datadog) to detect anomalies and potential compromise.

  • Perform continuous penetration testing and active scanning of our infrastructure, networks, and services.

  • Secure product-layer surfaces by implementing and enforcing security controls across our applications and APIs.

  • Integrate and monitor security tooling (SAST, IAST, SCA, secrets scanning) into GitHub workflows and CI/CD pipelines.

  • Collaborate with engineering on secure coding standards, architecture reviews, and threat modeling.

  • Maintain compliance documentation, conduct internal security audits, and ensure security measures align with business objectives.

You May Be a Good Fit If You

  • Have 8+ years of experience in cybersecurity engineering.

  • Have experience working in a startup environment or leading security initiatives in a lean environment.

  • Have strong knowledge of modern DevSecOps principles.

  • Have working knowledge of compliance frameworks such as HIPAA, SOC2, HITRUST, NIST, or ISO 27001.

  • Have deep knowledge of and experience configuring Datadog SIEM for active and passive security monitoring/management. Other SIEM tool experience is transferable as well.

  • Have deep hands-on experience with Terraform, GCP, Google Kubernetes Engine (GKE) and cloud security controls.

  • Are experienced with SIEM platforms, runtime threat detection, and monitoring workflows.

  • Are familiar with offensive security, red teaming, and continuous penetration testing.

  • Have a strong product-layer security mindset—proficient in securing modern web applications.

  • Secure applications from a software engineering perspective - we're looking for someone who can collaborate with our engineers on secure coding best practices and integrate security into the development process.

  • Are experienced in integrating and operationalizing SAST, IAST, SCA, and secrets scanning tools.

  • Are experienced deploying, securing, and monitoring APIs in production environments.

  • Have a proven ability to design, implement, and monitor CI/CD security pipelines, secrets/config management, cloud auth systems, and observability pipelines.

  • Have a strong understanding of Google Assured Workloads, policy enforcement, and workload isolation.

  • Have availability to work nights and weekends during unplanned outages or security incidents.

You’re the Ideal Candidate If You Have

  • CCSP, GPCSE, CASP+, CASE or GSEC certifications, or equivalent real-world experience in threat detection and incident response.

  • Experience with RAG architectures, Gemini LLM, or securing LLM-powered features.

  • A background in healthcare security, PHI protection, and compliance frameworks.

Medical

• 100% Company-paid medical premiums for you and your dependents with HSA options

• Dental and vision plans (50% company-paid premium on employee’s dental plan)

• Dependent care FSA

Financial

• 100% 401(k) match of up to 4%

• $80 / month stipend for cell and wifi

Time Off

• 20 days of PTO and 11 paid holidays

• 5 days sick leave

• 16 weeks fully paid parental leave for birthing parents and 8 weeks for non-birthing parents

• Bereavement leave and pregnancy loss leave

Opt-In Ancillary Options:

• Short-term and long-term disability insurance

• Life insurance

• Critical illness, accident, and hospital indemnity insurance

• Pet insurance

• Legal advice

• Rightway Health, clinical care navigator

• Employee Assistance Program

Remo aims to reduce health inequities by improving access to affordable, high-quality dementia care. Embracing diversity and equal opportunity are core to that mission--these principles shape our culture, the products we build, and the services we deliver. We celebrate a variety of backgrounds, perspectives, and skills, reflecting the diversity of the caregivers and patients we serve.

We use E-Verify to confirm the identity and employment eligibility of all new hires: Participation Poster (PDF), Right to Work Poster (PDF)

Originally posted on Himalayas
