Elation Health is a clinical-first technology company dedicated to strengthening primary care. We build tools that help physicians and clinicians deliver exceptional, high-quality care. Our platform powers physician practices, health systems, and other care organizations that manage sensitive data and depend on Elation as a critical part of their clinical workflow.
As we continue to grow, we are investing in application security to help keep our web applications, APIs, and patient-facing experiences secure by design.
If you're excited about securing tools that help doctors and patients — and you enjoy making the secure path the easiest path for engineers — we want to hear from you, even if you don't check every box below!
What you'll do in your first 60 days:
- Assist with secure design and implementation reviews for new and existing features across web applications, APIs, and backend services.
- Monitor, triage, and help remediate findings from security tooling.
- Get familiar with our security technologies and processes.
- Work with feature teams to understand exploitability, prioritize fixes, and track closure of vulnerabilities in alignment with internal SLAs.
- Implement an enterprise security control and configure it for long-term observability.
Success at 6-12 months looks like:
- You're assisting in applying key application security processes
- You're helping shape technical direction for secure, AI-native, product-critical services handling sensitive data
- You're supporting evidence collection for compliance audits
- You've built strong partnerships with product, support, infrastructure, and IT to help identify and triage vulnerabilities and quickly resolve issues
- The security improvements you've implemented are measurably reducing risk
- You’re independently reviewing and triaging security alerts
WHAT WE'RE LOOKING FOR
Essential:
- Experience securing web applications and APIs, including a strong grasp of common vulnerabilities (e.g., OWASP Top 10) and practical mitigations
- Hands-on experience with application security tooling (e.g., SAST, SCA, DAST, IaC/container scanning) and/or observability for security-relevant signals
- Ability to communicate complex security and technical problems clearly to both technical and non-technical audiences
- Exposure to secure SDLC practices such as threat modeling, security-focused design reviews, and vulnerability management
- Track record of delivering high-quality, pragmatic security outcomes in collaboration with product and engineering teams
- Enthusiasm for technology in general and for securing systems
Valued but not required:
- Exposure to building or securing systems with AI/LLMs (e.g., OpenAI, Anthropic)
- Familiarity with OA