
Senior Application Security Engineer

Chicago, IL, San Francisco, CA, Washington, D.C.

Rally Health is all about putting health in the hands of the individual. It’s our mission, and it drives everything we do, which is to empower people with easy-to-use online and mobile tools that help them take charge of their health and health care, from improving their diet and fitness to selecting health benefits, and choosing the right doctor at the right price for their needs.

Our culture is built on a deep and sincere commitment to helping people live healthier lives. To do this, we are committed to innovating at every level. As our president and COO David Ko says, “We are a company that continuously innovates. It cannot end. It has to be in everything we do, which means that some of the things we’re going to do are not going to work – and that’s okay. We’re not trying to build something that is churn and burn. We’re building something that follows consumers over their lifetime.”

One of the key elements we’re looking for is a knack for dealing with multiple sprint teams and codebases. You will also need to be able to ramp up quickly in various development patterns and processes. This role will have a high level of autonomy, and a large impact on our rapidly growing security organization.

Here at Rally we believe in teamwork, communication, trust and not taking ourselves too seriously. We believe in supporting personal growth and the importance of nurturing an outstanding culture. We need to do a lot with a small team, so it's important to use the right tools for the right job and be willing to change down the line if we find a more efficient solution. We also believe in "strong opinions, weakly held," being humble, and accepting and giving feedback.

We are looking for an experienced software engineer who is an application security specialist with in-depth understanding of major security risks in web and mobile applications. Your focus will be finding and fixing vulnerabilities, promoting security standards, and solving security problems with engineering solutions on both the front- and the back-end. You will provide recommendations of countermeasures that could be used to reduce risks and mitigate consequences for those risks. You'll also work closely with feature development teams throughout the entire lifecycle to ensure that security concerns are taken into account during the design, implementation, review and deployment phases. You will be helping to guide our security training program for engineering and beyond to help Rally accomplish its security goals, and will help guide the overall direction of the application security roadmap.


  • You will become an expert in the Rally Health software stack and understand points of high risk and vulnerability
  • Measurably improve our internal software development lifecycle
  • Enable automated security testing at scale to measure vulnerability and report on security risk across applications
  • Collaborate with internal product and engineering teams to address systemic security issues
  • You'll participate in all phases of software development to ensure timely risk evaluation and mitigation
  • Maintain application security tools and services and ensure quality
  • You can evangelize security in partnership with existing security advocates within the development organization through awareness proliferation activities such as mentoring, engineer onboarding, and training
  • Manage vulnerability discovery and resolution efforts

Key Qualifications:

  • You have experience with internet applications on multiple languages/platforms (we use Scala on the backend)
  • You have development experience across all phases from design to delivery
  • Command of web application threat modeling and risk assessment
  • You are experienced with web application security topics such as OWASP Top 10, CWE Top 25, and authentication infrastructure (SAML, OAuth)
  • Experience in building application security in cloud-based and virtualized environments that rely on out-of-the-box cloud tools/services (Amazon IAM, KMS, VPC, and others)
  • You have experience implementing, running and maintaining security testing tools and/or processes to reliably identify security issues, such as XSS, CSRF, SQL injection, and business logic flaws across large code bases (SAST, DAST, penetration testing, Security Unit Testing, and more)
  • Command of back-end security topics including secret management and service authentication (TLS/SSL, Kerberos, and others)
  • You have expertise in understanding and controlling security feature impact on application performance and team velocity

Experience and Education:

  • B.S. Computer Science or equivalent
  • 4+ years in the field of software security
  • 5+ years software engineering experience


  • Experience in healthcare security, controls, and certifications
  • Experience in leading secure software development trainings
  • Participation in open source or well-known security-related projects

Why join Rally? On top of an innovative work atmosphere and a chance to help people change their lives, we offer competitive pay, daily catered lunches, and an extensive benefits package for all full-time employees (including medical, dental, vision and 401(k)). In addition, we offer the ability to grow, while truly making an impact in the healthcare system.

Rally Health is committed to ensuring that its workforce reflects America’s diverse population. Rally Health knows that such diversity will enrich us with the talent, energy, perspective and inspiration it needs to achieve its mission. Rally Health believes in a policy of equal employment and opportunity for all people based on merit and commitment to the principles of diversity. It is our policy to recruit, hire, train, and promote individuals in all job titles, and administer all programs, without regard to race, color, religion, national origin or ancestry, citizenship, sex, age, marital status, pregnancy, childbirth or related medical conditions, personal appearance, sexual orientation, gender identity or expression, family responsibilities, genetic information, disability, matriculation, political affiliation, veteran status, union affiliation, or any other category protected by applicable federal, state or local laws.

Individuals with disabilities and veterans are encouraged to apply. Applicants who require an accommodation related to the application and/or review process should notify Talent Acquisition (

Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.