Zocdoc is the country’s leading digital health marketplace that helps patients easily find and book the care they need. As an Application Security Engineer, you will play a key role in supporting secure software development by collaborating with Compliance, Security, and Engineering teams to enhance application security governance and ensure the integration of security measures throughout the development lifecycle.
Responsibilities:
- Serving as an accessible point of contact for engineering squads, helping teams understand and follow secure development lifecycle guidelines
- Assisting developers in reviewing and interpreting alerts from static analysis and software composition analysis tools, including helping distinguish true vulnerabilities from false positives
- Providing clear, actionable guidance on remediating common application security vulnerabilities, including issues aligned to the OWASP Top 10
- Helping maintain internal security documentation, developer playbooks, and secure coding training materials so that compliance expectations are clear and achievable
- Supporting application security governance by tracking key security milestones and organizing technical evidence from repositories and deployment pipelines for compliance audits
- Monitoring application security metrics, including vulnerability patch timelines and policy exceptions, to support regular leadership reporting
- Working with cutting-edge GenAI tools and technology while supporting AI governance frameworks and helping ensure AI-enabled workflows align with privacy and security guardrails
Requirements:
- Meaningful experience in an information security role, software engineering position, or IT audit function with an application security focus
- A foundational understanding of software development processes and how security fits into agile environments
- Familiarity with code review concepts and comfort reading at least one major language used in cloud environments, such as Python, JavaScript, Go, or Java
- Basic exposure to cloud environments such as AWS, GCP, or Azure, along with an understanding of Git workflows
- A conceptual understanding of vulnerability categories and web application security standards
- An interest in emerging technology trends, especially AI security risks and automated workflows
- Required: the ability to integrate generative AI tools into daily workflows to automate tasks, foster innovation, and maximize productivity
- Superb communication skills, humility, and a collaborative approach to supporting stakeholders across engineering and security
- A degree in Computer Science, Cybersecurity, or a related technical field is preferred, though equivalent hands-on experience or certifications such as Security+, GSEC, or CEH are also highly valued