Senior Application Security Engineer

Chicago, IL, San Francisco, CA, Washington, D.C.

Here at Rally we believe in teamwork, communication, trust and not taking ourselves too seriously. We believe in supporting personal growth and the importance of nurturing an outstanding culture. We need to do a lot with a small team, so it's important to use the right tools for the right job and be willing to change down the line if we find a more efficient solution. We also believe in "strong opinions, weakly held," being humble, and accepting and giving feedback.

We are looking for an experienced software engineer who is an application security specialist with in-depth understanding of major security risks in web and mobile applications. Your focus will be finding and fixing vulnerabilities, promoting security standards, and solving security problems with engineering solutions on both the front- and the back-end. You will provide recommendations of countermeasures that could be used to reduce risks and mitigate consequences for those risks. You'll also work closely with feature development teams throughout the entire lifecycle to ensure that security concerns are taken into account during the design, implementation, review and deployment phases. You will be helping to guide our security training program for engineering and beyond to help Rally accomplish its security goals, and will help guide the overall direction of the application security roadmap.

General Responsibilities

  • You will become an expert in the Rally Health software stack and understand points of high risk and vulnerability
  • Measurably improve our internal software development lifecycle
  • Enable automated security testing at scale to measure vulnerability and report on security risk across applications
  • Collaborate with internal product and engineering teams to address systemic security issues
  • You'll participate in all phases of software development to ensure timely risk evaluation and mitigation
  • Maintain application security tools and services and ensure quality
  • You can evangelize security in partnership with existing security advocates within the development organization through awareness proliferation activities such as mentoring, engineer onboarding, and training
  • Manage vulnerability discovery and resolution efforts

Key Qualifications

  • You have experience with internet applications on multiple languages/platforms (we use Scala on the backend)
  • You have development experience across all phases from design to delivery
  • Command of web application threat modeling and risk assessment
  • You are experienced with web application security topics such as OWASP Top 10, CWE Top 25, and authentication infrastructure (SAML, OAuth)
  • Experience in building application security in cloud-based and virtualized environments that rely on out-of-the-box cloud tools/services (Amazon IAM, KMS, VPC, and others)
  • You have experience implementing, running and maintaining security testing tools and/or processes to reliably identify security issues, such as XSS, CSRF, SQL injection, and business logic flaws across large code bases (SAST, DAST, penetration testing, Security Unit Testing, and more)
  • Command of back-end security topics including secret management and service authentication (TLS/SSL, Kerberos, and others)
  • You have expertise in understanding and controlling security feature impact on application performance and team velocity

Experience and education:

  • B.S. Computer Science or equivalent
  • 4+ years in the field of software security
  • 5+ years software engineering experience


  • Experience in healthcare security, controls, and certifications
  • Experience in leading secure software development trainings
  • Participation in open source or well-known security-related projects

Rally Health is committed to ensuring that its workforce reflects America’s diverse population. Rally Health knows that such diversity will enrich us with the talent, energy, perspective and inspiration it needs to achieve its mission. Rally Health believes in a policy of equal employment and opportunity for all people based on merit and commitment to the principles of diversity. It is our policy to recruit, hire, train, and promote individuals in all job titles, and administer all programs, without regard to race, color, religion, national origin or ancestry, citizenship, sex, age, marital status, pregnancy, childbirth or related medical conditions, personal appearance, sexual orientation, gender identity or expression, family responsibilities, genetic information, disability, matriculation, political affiliation, veteran status, union affiliation, or any other category protected by applicable federal, state or local laws.

Individuals with disabilities and veterans are encouraged to apply. Applicants who require an accommodation related to the application and/or review process should notify

Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.