Application Security Engineer

Who is Eleos Health?

Today, more people than ever are speaking publicly about their mental health. Whether it's ourselves, our friends and family or even public figures, taking care of your behavioral health is no longer a taboo, it's vital, and it's only human.

Eleos is on a mission to help deliver the world's most effective behavioral care through data, measurement, and personalization. Or simply put, we want to give clinicians the support they need to do the important work only they can do.

What is this opportunity?

As the Application Security Engineer, you will be responsible for integrating and maintaining robust security practices throughout the entire application development lifecycle. You will work closely with cross-functional teams including Software Engineering, DevOps and Product.

This role requires a security-minded professional who has deep experience in cloud-based architectures and is excited about building secure and scalable solutions.

How will you contribute?

•  Secure Software Development Lifecycle (SSDLC)- Collaborate with developers to integrate security best practices into all stages of the SDLC. Conduct secure code reviews, threat modeling, and vulnerability assessments.
• Application Security Testing- Implement and manage SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing) tools. Continuously monitor, track, and resolve identified vulnerabilities.
• Cloud Security & Infrastructure- Work with DevOps/Infrastructure teams to secure cloud environments, including containerized workloads, CI/CD pipelines, and serverless functions. Configure and maintain cloud security best practices.
• Security Architecture & Design- Collaborate on the design of new applications and features, advising on secure architecture patterns, encryption mechanisms, and identity & access management. Develop and maintain security reference architectures and technical standards.
• Automation & Continuous Improvement- Identify opportunities to automate security checks and policy enforcement within the CI/CD pipeline. Research and recommend new security tools, technologies, and processes to enhance the security posture of the organization

What qualifications and skills will help you be successful?

• 5+ years of experience as an Application Security Engineer in a SaaS company
• Hands-on experience managing a bug bounty program, including triaging submissions, validating vulnerabilities, and collaborating with researchers and internal teams to ensure timely remediation
• Proven track record of working closely with R&D teams to integrate secure development practices, perform code reviews, and provide guidance on identifying and mitigating vulnerabilities throughout the SDLC
• Active participation in Solution Concept discussions for new features, with the ability to proactively raise security concerns and influence secure architectural decisions
• Strong analytical skills to assess risk and anticipate which application vulnerabilities could escalate into significant threats
• Strong oral and written communication skills, with the ability to write clear and comprehensive security reports
• Sound decision-making capabilities, particularly in evaluating and adopting countermeasures for emerging or unknown threats

This is a unique opportunity to join a startup that has a meaningful impact on the well-being and mental health of thousands. 

We have:

• A product that positively impacts people's lives every single day.
• A team of amazing people with a shared vision and the infinite drive to make it happen
• We offer significant equity.
• Opportunity to build, grow, and become highly instrumental in shaping how technology can increase the effectiveness of therapy
• Hybrid work opportunities. 
• On mental health days off, you can take any given moment simply because you need them.