Job Overview
Location
South San Francisco
Job Type
Full-time
Category
Security Engineer
Date Posted
March 21, 2026
Full Job Description
đź“‹ Description
- • As a Sr. Application Security Engineer at AKASA, you will play a critical role in safeguarding the company’s AI-driven healthcare revenue cycle platform, which processes over $120B+ in net patient revenue for leading health systems like Cleveland Clinic, Duke, Stanford, and Johns Hopkins. Your work will directly protect sensitive patient data and ensure the integrity of mission-critical systems that enable healthcare providers to focus on delivering quality care.
- • You will be embedded within engineering teams to shift security left, owning the end-to-end application security program by integrating threat modeling, secure code reviews, SAST/DAST tooling, and penetration testing into the SDLC — acting as a trusted security partner rather than a gatekeeper, and ensuring security is built in from the start.
- • Day to day, you will partner with engineering squads to identify and remediate vulnerabilities early, lead security design reviews for new features and architecture changes, develop and maintain a risk-based vulnerability management program, and build tailored security training for developers using your software engineering background to make guidance practical and actionable.
- • You will evaluate and implement security tooling across CI/CD pipelines (including SAST, SCA, secret scanning, and container scanning), support third-party penetration tests and bug bounty programs through triage and remediation tracking, and contribute to HIPAA, SOC 2, and other compliance efforts as they relate to application and data security.
- • You will monitor the evolving threat landscape to proactively surface emerging risks relevant to AKASA’s cloud-native, containerized technology stack, and develop applications that run securely in AWS, GCP, or Azure environments, ensuring secure configurations and runtime protection.
- • AKASA’s engineering team is composed of skilled builders who value collaboration, ownership, and technical excellence — you’ll work alongside founders and cross-functional leaders in a high-growth, mission-driven environment where your expertise will have immediate and measurable impact on product safety and customer trust.
- • In this role, you will deepen your expertise in application security within a cutting-edge GenAI healthcare startup, gain visibility into enterprise-scale security challenges, and have the opportunity to shape and mature a security program from the ground up — positioning yourself as a leader in securing AI-driven healthcare systems.
🎯 Requirements
- • 10+ years of experience in software engineering, application security, or a combination of both, with a strong foundation in writing production code and understanding how applications are built.
- • Hands-on experience with OWASP Top 10 vulnerabilities, threat modeling, secure code reviews, and security architecture reviews, plus proficiency in at least one modern language (Python, Go, Java, TypeScript) to read and critique production code.
- • Experience integrating security tooling into CI/CD pipelines (e.g., GitHub Actions, Jenkins), familiarity with cloud security (AWS/GCP/Azure) and container/Kubernetes practices, and working knowledge of auth standards (OAuth 2.0, OIDC, SAML, RBAC) and API security (REST/GraphQL).
🏖️ Benefits
- • Flexible paid time off (PTO) and company-paid holidays to support work-life balance and rest.
- • Expansive health, dental, and vision coverage, employer HSA contributions, and full life insurance coverage for employees.
- • Generous parental leave policy, home office stipend, cell phone/internet reimbursement, and access to a 401(K) plan.
Skills & Technologies
Python
TypeScript
Java
AWS
Azure
Senior
Hybrid
$205k-275k
About AKASA Inc.
AKASA Inc. is a San Francisco-based healthcare automation company that provides AI-driven revenue cycle management software for hospitals and health systems. Its Unified Automation platform uses machine learning to streamline prior authorization, claims processing, payment posting and denial management, integrating with existing electronic health record and billing systems. Founded in 2018, the company helps providers reduce administrative costs, accelerate reimbursements and improve financial outcomes while enabling clinical staff to focus on patient care.
Get more remote jobs like this
Subscribe to the weekly newsletter for similar remote roles and curated hiring updates.
Newsletter
Weekly remote jobs and featured talent.
No spam. Only curated remote roles and product updates. You can unsubscribe anytime.
