[Remote] Staff, Security Engineer
Note: The job is a remote job and is open to candidates in USA. Fullscript is an industry-leading health technology company on a mission to help people get better. They are seeking a Staff Security Engineer to join their Security Engineering team, responsible for designing and implementing security solutions across their products and platforms while mentoring engineers and influencing security strategy.ResponsibilitiesLead the design and implementation of security solutions across Fullscript's applications, platforms, and AI-powered systemsPartner with engineering teams to embed security throughout the software development lifecycle, including architecture reviews, threat modeling, secure coding practices, and design reviewsDrive application security, product security, and vulnerability management initiatives from concept through implementationOwn complex security challenges that span multiple teams, balancing technical requirements, business priorities, and engineering constraints to deliver scalable solutionsMentor engineers and security practitioners, raising the bar for secure software development and helping teams make sound security decisionsInfluence technical strategy and security standards through hands-on engineering, technical leadership, and cross-functional collaborationStay ahead of emerging threats, security technologies, and AI-specific risks to help shape Fullscript's long-term security postureSkills8+ years of software engineering experience designing, building, and operating production systems3+ years of recent experience in application security, product security, security engineering, or a related security disciplineDeep understanding of secure software development, modern application architectures, APIs, and cloud-native environmentsExperience owning complex technical initiatives from problem definition through delivery, including working across multiple teams and stakeholdersProven ability to influence technical direction, mentor engineers, and drive adoption of security best practicesStrong hands-on experience with security tooling, automation, vulnerability management, and security assessmentsExcellent communication skills, strong technical judgment, and a continuous learning mindsetExperience securing Ruby on Rails, Node.js, JavaScript, GraphQL, or similar application ecosystemsExperience with AWS cloud security and cloud-native security controlsExperience with threat modeling methodologies such as STRIDE, PASTA, or similar frameworksExperience with vulnerability management, application security posture management, or developer security toolingFamiliarity with GitHub, GitLab, Wiz, static analysis tools, secret scanning, or related security platformsExperience conducting penetration testing, security research, or ethical hacking activitiesExperience protecting healthcare, regulated, or sensitive customer dataBenefitsRemote-first flexibility to work where you work best, with North America (Ottawa, Toronto, or Calgary) preferred for this role.Flexible PTO and competitive pay, because work-life balance mattersRRSP/401k match and stock options to invest in your futurePremium benefits package with customizable coverage, paramedical services, and an HSA.Fullscript discounts to save on high-quality wellness productsContinuous learning opportunities to grow your skills and careerCompany OverviewFullscript is a supplement dispensing platform and patient adherence tool that supports practitioners at the point of care and beyond. It was founded in 2011, and is headquartered in Ottawa, Ontario, CAN, with a workforce of 501-1000 employees. Its website is http://fullscript.com/.