[Remote] Senior Engineer, Security (AppSec)
Note: The job is a remote job and is open to candidates in USA.

Arcadia is dedicated to transforming healthcare through data, aiming for happier and healthier days for all. They are seeking a Senior Engineer - Security (Application Security) to protect their cloud-native healthcare platform by building and improving security controls while contributing to incident response and threat mitigation efforts.

Responsibilities
- Design, implement, and maintain application security controls across Arcadia's cloud-native SaaS platform
- Partner with Product and Engineering teams to embed security into system design, development workflows, and CI/CD pipelines
- Conduct threat modeling, architecture reviews, and secure design assessments for new and existing services
- Own and improve vulnerability management processes, including identification, prioritization, and remediation tracking
- Implement and maintain security tooling such as SAST, DAST, dependency scanning, container scanning, and secrets detection
- Participate in security incident response activities including detection, investigation, containment, and remediation
- Monitor and analyze logs, alerts, and security events to identify suspicious activity and emerging threats
- Contribute to detection engineering by tuning alerts, improving signal quality, and reducing noise
- Support threat intelligence analysis and apply insights to improve preventive and detective controls
- Perform post-incident analysis and recommend technical and process improvements
- Build security-as-code solutions to automate control enforcement, validation, and remediation
- Use scripting and automation to reduce manual effort and improve consistency
- Support secure AWS architecture using services such as EKS, ECS, Lambda, IAM, and VPC
- Contribute to identity and access management best practices across AWS, Okta/Auth0, and SaaS platforms
- Translate compliance requirements (e.g., SOC 2, ISO 27001, HITRUST, HIPAA) into practical technical controls
- Partner with Security Assurance to support audits, evidence collection, and continuous control monitoring
- Help identify and remediate security risks discovered through assessments, audits, or incidents

Skills
- 6+ years of experience in application security, cloud security, or security engineering roles
- Strong hands-on experience securing cloud-native, SaaS-based environments (AWS required)
- Solid understanding of application security principles and common vulnerabilities (OWASP Top 10)
- Solid understanding of secure software development practices and CI/CD integration
- Solid understanding of cloud security architecture and IAM
- Solid understanding of incident detection and response fundamentals
- Experience with security tools such as SIEM, SAST/DAST, EDR, vulnerability scanners, and cloud security platforms
- Ability to script and automate security workflows using Python, Bash, or similar languages
- Strong analytical skills and the ability to clearly communicate security risks and recommendations
- Experience in healthcare or other regulated industries
- Familiarity with Kubernetes, container security, and modern DevSecOps tooling
- Experience contributing to detection engineering or threat analysis efforts
- Relevant certifications such as AWS Security Specialty, CISSP, CCSP, or GIAC certifications

Benefits
- Employee driven programs and initiatives for personal and professional development

Company Overview
Healthcare data analytics platform. It was founded in 2007, and is headquartered in Boston, Massachusetts, USA, with a workforce of 201-500 employees. Its website is https://arcadia.io.

Company H1B Sponsorship
Arcadia has a track record of offering H1B sponsorships, with 1 in 2026, 1 in 2023, 1 in 2020. Please note that this does not guarantee sponsorship for this specific role.