Senior Security Software Engineer

  • 75 State St, Boston, MA 02109, USA
  • Full-time

Company Description

American Well, a leading telehealth platform in the US, is seeking a highly motivated and professional individual with expertise in Engineer. At American Well, we believe digital care delivery will transform healthcare. Our mission is to connect and enable providers, insurers, patients, and innovators to deliver greater access to more affordable, higher quality care. We do this by partnering with our clients to deliver video visits over mobile and web. We have doctors, therapists, and specialists on staff to help people get care when and where they need it most.

Brief Overview:

The Senior Security Software Engineer will play a critical role in the Engineering department by ensuring and supporting efforts to improve the security of American Well solutions.  Specifically, the Senior Security Software Engineer will collaborate with the development team to assess security and resolve and test vulnerabilities. This is a highly creative and collaborative role that provides the right candidate with a unique opportunity to guide the development and testing of an industry leading TeleHealth platform.  This position is based in our headquarters in Boston. Specifically, the Senior Security Software Engineer will:

Job Description

  • Work closely with the development team to build an expert understanding of the architecture and operation of our platform to fully validate our security model and protections
  • Ensure compliance with security best practices for new feature development through code reviews and testing
  • Create and maintain the security testing framework and associated security testing strategies (both manual and automated)
  • Execute security scans, collect and analyze results, report on results, and propose remediation solutions for security vulnerabilities in various stages of product development.   Establish initial baseline, create roadmap for remediation, and proactively prevent new vulnerabilities during development. 
  • Promote security development and testing best practices and provide guidance to engineers.  Conduct regular info sessions for the engineering team on best practices, common pitfalls, and new vulnerabilities, threats, and trends. Evangelize security and create security awareness across Engineering integrating security into the development lifecycle
  • Research and implement new security testing and analysis tools and techniques
  • Regularly audit and report on known vulnerabilities in 3rd party libraries
  • Collaborate with other engineers to resolve and test security vulnerabilities
  • Provide support to our operational security team on regular internal and 3rd party security audits


  • 3+ years of enterprise experience with security testing of highly distributed complex data-driven web applications
  • Demonstrated detailed technical knowledge of techniques, standards and state-of-the-art capabilities for authentication and authorization, applied cryptography, security vulnerabilities and remediation
  • Demonstrated expertise of the relevant client/server technologies (Web applications, Web services, Relational databases) and of related network/web protocols
  • Application development background with software design expertise and platform security knowledge (Java and J2EE, Objective C, Javascript/browsers)
  • Expertise with security testing tools and techniques including static source code analysis, dynamic scanning, third-party dependency scanning and other penetration types of security tests (WebScarab, Fortify, AppScan, Burp, Nessus, Nexpose, OWASP dependency tracker, etc.)
  • Experience with automating security tools with CI processes (Jenkins, Semaphore, etc.)
  • Experience with Black Duck or other security audit tools
  • Experience with threat modelling and participating in security design reviews
  • Experience with mobile platforms is a plus (iOS, Android)
  • Experience working in an Agile environment
  • Excellent communication skills
  • Highly energetic, responsible, organized, self-disciplined, self-motivated, able to work with little or no supervision
  • BS/MS degree in Computer Science or Electrical Engineering

Additional Information

Your Team:

Should you join American Well and the Engineering team, you can expect:

The development organization is a multi-disciplinary team of engineers dedicated to creating a state of the art TeleHealth experience on every platform we can get our hands on. Our cross-functional teams follow a pragmatic Agile methodology as we balance feature requests, strategic initiatives, tech debt, and exciting partnerships on the path to delivering a market leading product to a quickly growing customer base. We work hand in hand with the whole American Well organization to ensure that our product meets the needs of all of our users.

Whether you’re an advocate for the latest and greatest iOS and Android features, are committed to the ideal back-end architecture, or are dedicated to providing the best web usability, we have a place for you on our team.

Working at American Well

American Well is changing how care is delivered through online and mobile technology. We strive to make the hard work of healthcare look easy. In order to make this a reality, we look for people with a fast-paced, mission-driven mentality. We’re a go-getter culture that prides itself on quality, efficiency, smarts, initiative, creative thinking, and a strong work ethic. Our corporate headquarters are located in downtown Boston at 75 State Street –in the heart of the city. In addition to the opportunity to build the future of healthcare technology and a great location, we offer:

•       Unlimited Personal Time Off (Vacation time)

•       401K match

•       Competitive healthcare, dental and vision insurance plans

•       Free gym access – on-site

•       Prime office space with views overlooking all of Boston

•       Complimentary snacks and drinks