American Well Senior Security Software Engineer in Boston, Massachusetts

  • Work closely with the development team to build an expert understanding of the architecture and operation of our platform to fully validate our security model and protections

    • Ensure compliance with security best practices for new feature development through code reviews and testing

    • Create and maintain the security testing framework and associated security testing strategies (both manual and automated)

    • Execute security scans, collect and analyze results, report on results, and propose remediation solutions for security vulnerabilities in various stages of product development. Establish initial baseline, create roadmap for remediation, and proactively prevent new vulnerabilities during development.

    • Promote security development and testing best practices and provide guidance to engineers. Conduct regular info sessions for the engineering team on best practices, common pitfalls, and new vulnerabilities, threats, and trends. Evangelize security and create security awareness across Engineering integrating security into the development lifecycle

    • Research and implement new security testing and analysis tools and techniques

    • Regularly audit and report on known vulnerabilities in 3rd party libraries

    • Collaborate with other engineers to resolve and test security vulnerabilities

    • Provide support to our operational security team on regular internal and 3rd party security audits

    • 3+ years of enterprise experience with security testing of highly distributed complex data-driven web applications

    • Demonstrated detailed technical knowledge of techniques, standards and state-of-the art capabilities for authentication and authorization, applied cryptography, security vulnerabilities and remediation

    • Demonstrated expertise of the relevant client/server technologies (Web applications, Web services, Relational databases) and of related network/web protocols

    • Application development background with software design expertise and platform security knowledge (Java and J2EE, Objective C, Javascript/browsers)

    • Expertise with security testing tools and techniques including static source code analysis, dynamic scanning, third party dependency scanning and other penetration types of security tests (WebScarab, Fortify, AppScan, Burp, Nessus, Nexpose, OWASP dependency tracker, etc.)

    • Experience with automating security tools with CI processes (Jenkins, Semaphore, etc.)

    • Experience with Black Duck or other security audit tools

    • Experience with threat modeling and participating in security design reviews

    • Experience with mobile platforms is a plus (iOS, Android)

    • Experience working in Agile environment

    • Excellent communication skills

    • Highly energetic, responsible, organized, self-disciplined, self-motivated, able to work with little or no supervision

    • BS/MS degree in Computer Science or Electrical Engineering


Your Team:

Should you join American Well and the Engineering team, you can expect:

The development organization is a multi-disciplinary team of engineers dedicated to creating a state of the art TeleHealth experience on every platform we can get our hands on. Our cross-functional teams follow a pragmatic Agile methodology as we balance feature requests, strategic initiatives, tech debt, and exciting partnerships on the path to delivering a market leading product to a quickly growing customer base. We work hand in hand with the whole American Well organization to ensure that our product meets the needs of all of our users.

Whether you’re an advocate for the latest and greatest iOS and Android features, are committed to the ideal back-end architecture, or are dedicated to providing the best web usability, we have a place for you on our team.

Working at American Well

American Well is changing how care is delivered through online and mobile technology. We make online doctor visits accessible to everyone for one-off care issues like colds or infections, and chronic condition management, such as diabetes or depression. We make the hard work of healthcare look easy and that requires a mission-driven mentality. We’re a “go getter” culture that pride itself on smarts, initiative, creative thinking, and a strong work ethic.

Our corporate headquarters are located in downtown Boston at 75 State Street –in the heart of the city. In addition to the opportunity to build the future of healthcare technology and a great location, we offer:

• Three weeks of vacation time

• 401K match

• Competitive healthcare, dental and vision insurance plans

• Free gym access – on-site

• Drop-off/pick up dry cleaning service

• Prime office space with views overlooking all of Boston

• Complimentary snacks and drinks