Application Security Engineer

San Francisco, CA

About Us

At One Medical we are passionate about revolutionizing the primary care industry by offering a new approach to primary care. We combine people-centered design, technology, and a team of talented health care providers to give our members an amazing experience.

One Medical is the fastest-growing primary care system in the country with over 70 locations nationwide in Boston, Seattle, Chicago, Los Angeles, New York, Phoenix, the San Francisco Bay Area, and Washington, DC. 

The Opportunity

If you like to break apps and you know what it takes to secure apps, then our Application Security Engineer role is for you. Application security engineers work on a team that identifies threats and risks, vulnerabilities and attack vectors, and works with engineering to develop ways to mitigate and prevent them. This is very much a product security role, where you have the opportunity to take ownership of the overall direction of the security of our products, including cloud and mobile apps.

This role is on the front lines of securing hundreds of thousands of people’s healthcare and personal information. It is not just about finding and fixing vulns; it is very much revolutionizing the security of healthcare. Bring your technical chops to a really good cause.


What you'll work on:

  • In general, break applications and find ways to prevent them from being broken.
  • Hands-on security testing (black-box, gray-box) and code review of cloud and mobile products, APIs, internal automation, and internal applications.
  • Threat modeling product features and production environments.
  • Security partnership with product development and engineering teams.
  • Product security guidance and architecture oversight, design reviews, and security feature roadmap collaboration.
  • Security research, presentations, publications, and security industry collaboration.


You'll be set up for success if you have:

  • Application security experience (product security) with hands-on app breaking, finding vulnerabilities, and working with devs to mitigate vulnerabilities.
  • Deep knowledge and experience in at least two of the following languages: Ruby on Rails, Python, Java, JavaScript, Angular
  • Experience with OS level vulnerabilities and DB level vulnerabilities
  • Relevant working experience with Unix/Linux and multiple DBs including MySQL, PostgreSQL, Mongo, Redis, etc.
  • Knowledge of real world, applied crypto techniques
  • Experience with scripting, shells, automation
  • B.S. / M.S. in Computer Science, Electrical Engineering or related experience.


Bonus points if you have:

  • Penetration testing and/or red teaming experience
  • Production network security experience
  • CI and automation experience


Benefits designed to aid your health and wellness:

Taking care of you today

  • Paid sabbatical after 5 and 10 years
  • Employee Assistance Program - Free confidential advice for team members who need help with stress, anxiety, financial planning, and legal issues
  • Competitive Medical, Dental and Vision plans
  • Free One Medical memberships for yourself, your friends and family
  • Pre-Tax commuter benefits
  • PTO cash outs - Option to cash out up to 40 accrued hours per year

Protecting your future for you and your family

  • 401K match
  • Credit towards emergency childcare
  • Company paid maternity and paternity leave
  • Paid Life Insurance - One Medical pays 100% of the cost of Basic Life Insurance
  • Disability insurance - One Medical pays 100% of the cost of Short Term and Long Term Disability Insurance


This is a full-time role based in San Francisco, CA.

One Medical is an equal opportunity employer and encourages all applicants from every background and life experience.