Senior Application Security Engineer
Fabric Health
$130k - $160k | Remote, US
Job Description
**Senior Application Security Engineer**
Infrastructure & Security
Remote
Full-time
About Fabric Health
At Fabric Health, we are powering boundless care by solving healthcare’s biggest challenge: clinical capacity. We aren’t here to disrupt healthcare; we’re here to fix it. We unify the care journey from intake to treatment, using intelligent automation to remove administrative burdens and make care delivery 2-10x more efficient. Our technology empowers clinicians to move faster and focus on what matters most: the patient.
We are a mission-driven team of brilliant minds trusted by leading organizations including Intermountain Health, OSF HealthCare, SSM Health, and MUSC Health. Our vision is backed by premier investors such as Thrive Capital, GV (Google Ventures), General Catalyst, and Salesforce Ventures. We move quickly for good reason, listen deeply to solve big challenges, and build products with the same care and quality we’d want for our own loved ones.
About the Role
Fabric handles protected health information at scale across 75+ health systems and millions of patient encounters. Security is not a layer we add at the end. It is built into how we work. As a Senior Application Security Engineer, you will own the application security practice at Fabric, partnering directly with engineering to embed security throughout the development lifecycle, build the tooling and automation that keeps our platform secure, and ensure our applications meet the compliance standards our health system customers require. This is a new headcount reporting to the VP of Infrastructure.
What You'll Do
As a Senior Application Security Engineer, you will be the driving force behind application security at Fabric, operating as a partner to engineering rather than a gatekeeper. Your primary responsibilities will include:
* Secure Development & Code Review: Partner with engineering teams to embed security throughout the SDLC across Fabric's Ruby on Rails, Python, React, and Node.js applications. Conduct security-focused code reviews and provide actionable guidance on secure coding practices.
* Threat Modeling & Assessment: Lead threat modeling exercises for new features and architectural changes. Conduct application penetration testing and vulnerability assessments across the platform, prioritizing findings and working directly with engineering to drive remediation.
* DevSecOps & Tooling: Implement and manage SAST and DAST tooling integrated into CI/CD pipelines. Build security guardrails and automated checks that allow engineering to move fast without introducing risk to the platform or patient data.
* Compliance & Risk: Ensure application security practices meet HIPAA, SOC 2, and HITRUST requirements. Assess third-party integrations and APIs for security risk, including EHR integrations with Epic and Cerner.
* Security Education & Culture: Run secure coding training and
