Senior Application Security Engineer

Chicago, IL, San Francisco, CA, Washington, D.C.

Rally Health is all about putting health in the hands of the individual. It’s our mission, and it drives everything we do, which is to empower people with easy-to-use online and mobile tools that help them take charge of their health and health care, from improving their diet and fitness to selecting health benefits, and choosing the right doctor at the right price for their needs.

Our culture is built on a deep and sincere commitment to helping people live healthier lives. To do this, we are committed to innovating at every level. As our president and COO David Ko says, “We are a company that continuously innovates. It cannot end. It has to be in everything we do, which means that some of the things we’re going to do are not going to work – and that’s okay. We’re not trying to build something that is churn and burn. We’re building something that follows consumers over their lifetime.”


  • You will become an expert in the Rally Health software stack and understand points of high risk and vulnerability
  • Measurably improve our internal software development lifecycle
  • Enable automated security testing at scale to measure vulnerability and report on security risk across applications
  • Collaborate with internal product and engineering teams to address systemic security issues
  • You'll participate in all phases of software development to ensure timely risk evaluation and mitigation
  • Maintain application security tools and services and ensure quality
  • You can evangelize security in partnership with existing security advocates within the development organization through awareness proliferation activities such as mentoring, engineer onboarding and training
  • Lead vulnerability discovery and resolution efforts


  • You have experience with internet applications on multiple languages/platforms (we use Scala on the backend)
  • You have development experience across all phases from design to delivery
  • Command of web application threat modeling and risk assessment
  • You are experienced with web application security topics such as OWASP Top 10, CWE Top 25, and authentication infrastructure (SAML, OAuth)
  • Experience in building application security in cloud-based and virtualized environments that rely on out-of-the-box cloud tools/services (Amazon IAM, KMS, VPC, and others)
  • You have experience implementing, running and maintaining security testing tools and/or processes to expertly identify security issues, such as XSS, CSRF, SQL injection, and business logic flaws across large code bases (SAST, DAST, penetration testing, Security Unit Testing, and more)
  • Command of back-end security topics including secret management and service authentication (TLS/SSL, Kerberos, and others)
  • You have expertise in understanding and controlling security feature impact on application performance and team velocity
  • B.S. Computer Science or equivalent
  • 4+ years in the field of software security
  • 5+ years software engineering experience
  • Experience in healthcare security, controls, and certifications
  • Experience in leading secure software development trainings
  • Participation in open source or well-known security-related projects

Rally Health is committed to ensuring that its workforce reflects America’s diverse population. Rally Health knows that such diversity will enrich it with the talent, energy, perspective and inspiration it needs to achieve its mission. Rally Health believes in a policy of equal employment and opportunity for all people based on merit and commitment to the principles of diversity. It is our policy to recruit, hire, train, and promote individuals in all job titles, and administer all programs, without regard to race, color, religion, national origin or ancestry, citizenship, sex, age, marital status, pregnancy, childbirth or related medical conditions, personal appearance, sexual orientation, gender identity or expression, family responsibilities, genetic information, disability, matriculation, political affiliation, veteran status, union affiliation, or any other category protected by applicable federal, state or local laws.

Individuals with disabilities and veterans are encouraged to apply.

Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.