Web Application Security Engineer (Architecture team)

Mariia Dvornikova
Recruitment Partner

Location:

Kyiv, Ukraine | Online, Ukraine

Help doxy.me build meaningful software in healthcare used by doctors, patients, and researchers worldwide. 

Doxy.me is looking for a Web Application Security Engineer motivated by unique, interesting, meaningful challenges in the healthcare sector. What you will do affects hundreds of thousands of doctors and patients every single day. You will perform important day-to-day activities in the platform security area that ensure that doxy.me’s code is secure and controls are operating efficiently and effectively. You will be working with the Security and Development teams to ensure our product is safe from malicious activity, vulnerabilities and accidental disclosure. This role will help build and advise on the systems and frameworks we use to keep the product safe. We're focused on secure-by-design frameworks, least privilege access, detection and alerting, and eliminating bugs.

About the company

Doxy.me is the simple, free, and secure telemedicine solution used by over 700,000 healthcare providers worldwide. Its mission is to eliminate barriers to telemedicine like cost and accessibility, so the company is constantly striving to make doxy.me more accessible to everyone, everywhere. With over 500,000 telemedicine calls made through the company’s platform every day, there are millions of people relying on doxy.me to simplify their healthcare services.

Doxy.me Culture

  • Collaborative. We have multiple cross-functional teams that work together to make our platform the best it can be. Our engineers enjoy being involved in identifying problems and exploring potential solutions.

  • Empathetic. We listen to and strive to understand the patients and providers that depend on our work. Millions of people depend on our products to solve their very real health problems every day!

  • Empowering. We are building products where your ideas and expertise can help revolutionize the healthcare industry. We encourage our engineers to spearhead projects and ideas. Our employees have the power to create change!

 

What Will You Do

  • Serve as the subject-matter expert for application security, providing guidance to Development, DevOps and Product teams

  • Design and implement SSDLC practices including secure code reviews, static/dynamic code analysis, and vulnerability assessments

  • Raise security awareness by pointing out potential security vulnerabilities and their potential impacts during code reviews

  • Implement continuous monitoring systems and tools to automatically identify potential security issues at the code, application and infrastructure layers

  • Drive security improvements to production cloud environments

 

Doxy.me Expectations

  • Ability to dissect new systems, product requirements, and features to identify and develop security requirements

  • Expertise in secure coding and performing automated or manual static analysis (JavaScript preferable)

  • Hands-on experience in conducting penetration testing and vulnerability assessment

  • Hands-on experience in configuring and hardening cloud-based infrastructure (AWS preferable)

  • Familiar with Agile software development methodologies, DevOps practices and tools

  • Working experience with application security tools such as vulnerability scanners, SAST/DAST/IAST, Checkmarx, Snyk, Veracode or SonarQube

  • Knowledge of OWASP Top Ten, NIST, MITRE ATT&CK Framework, etc.

  • Good to have, but not required: security certifications such as OSCP, CEH, GWAPT, etc.
     

Quick Info

  • Benefits: 20 days paid time off, sick leave, flexible public holidays, extensive educational program, MacBook, health insurance, office hub in Kyiv (Podil), remote working environment

  • Doxy.me tech stack: 

    • React, Node.js, TypeScript, WebRTC, LoopBack 4, AWS, Kubernetes, Docker, AngularJS

    • 3rd party: TokBox, PubNub, Segment, Twilio, Stripe

  • Our products: 

    • Doxy.me: The simple, free, and secure telemedicine solution currently used by over 700,000 doctors worldwide and helping over 500,000 patients/day.

    • dokbot.io: Patient-focused data collection for healthcare. 

    • ItRunsInMyFamily.com: Using health history to identify the risks of cancer and other diseases that run in families

  • Our team: technologists, academics, researchers, and innovators from all over the world. English is the language used in all internal communication.

 

Interviewing process:

  1. 30-min general conversation with Recruitment Partner Mariia Dvornikova or Olga Karasevych

  2. 1.45-hour block of competency-based interviews with the Director of Development Andrey Zhupanenko (30 min), Agile Coach Kate Semenova and Scrum Master Polina Geraschenko (45 min), VP of Information Security Kevin Erickson (30 min)

  3. 1.15-hour technical interview/live code review with Practice Lead Backend Kyle Jones and VP of Information Security Kevin Erickson

We use doxy.me as the video conferencing tool for all interviews.

To ensure HIPAA compliance, we do a candidate’s background check after extending a job offer.

We look forward to hearing from you! :)
