Alma is on a mission to simplify access to high-quality, affordable mental health care. We do this by making it easy and financially rewarding for therapists to accept insurance and offer in-network care. When a provider joins Alma, they gain access to a suite of tools that not only help them better run their business, but also grow it sustainably and develop as a provider. Alma is available in all 50 states, with over 20,000 therapists in our growing network. Anyone looking for a therapist can browse Alma’s free directory. Alma has raised $220.5M in funding from Insight Partners, Optum Ventures, Tusk Venture Partners, Primary Venture Partners, First Round Capital, Sound Ventures, BoxGroup, Cigna Ventures, and Rainfall Ventures. Alma was also named one of Inc’s Best Workplaces in 2022 and 2023.

Website
Job Board
Values
Candidate Interview Guide

Senior Application Security Engineer 

Alma is seeking a mission-driven Senior Application Security Engineer to join our team. We are dedicated to building secure and compliant tools and services which help mental healthcare providers more easily manage and grow their practice. In this role, you will help validate that our services, applications and web technologies are designed and implemented in a way that meets Alma’s security standards. You will help analyze, discover, and address security issues across our technical platform.

On this scaling team, you will have a strong hand in defining how Alma's engineering team approaches application security in the software development process. The ideal person for this role loves to work with other teams to design and build amazing security controls and automation.  

What you’ll do:

  • Develop, execute, and track the performance of security measures to protect Alma’s data, applications, and systems.
  • Gain a deep understanding of Alma’s systems and architecture and the software development processes used to develop it.
  • Provide subject matter expertise in the areas of secure coding, application authentication, encryption, and quickly research and become competent in other areas as needed.
  • Collaborate with teammates, PMs, and peers to design, develop and implement engineering’s technical security strategy and architecture.
  • Collaborate with the Platform Infrastructure team to configure, troubleshoot, and maintain a security infrastructure that monitors and protects against security breaches and intrusions.
  • Continually research current and emerging security threats and technologies and develop the appropriate technical solutions with the latest security tools to mitigate threats and security vulnerabilities as well as automate repeatable activities and propose impactful changes and guidance to all of these areas.
  • Build and provide high-quality application security documentation and educate and train Alma engineers on information system security best practices.
  • Mature and execute the Threat Modeling program with engineers.
  • Implement, manage, and maintain application security tools such as a WAF, SAST, and DAST scanners and own the workflow for remediation of findings.

Who you are:

  • You have 4-7 years of experience working in an application security role, including familiarity with common security libraries and tools, and an expert knowledge of web application protocols.
  • You strongly understand security best practices for the development lifecycle (SDLC).
  • You have deep technical knowledge of Content Security Policies (CSP) and how to implement them.
  • You have expert understanding of application security testing tools like OWASP ZAP and Burpsuite.
  • You have experience writing code and scripts for application security testing.
  • You have expert understanding of the OWASP Top 10 and other application attacks.
  • You have experience installing and running a local developer environment for local testing of code.
  • You have deep technical knowledge of application development, operating system environments, and AWS cloud infrastructure as they pertain to application security.
  • You have personally implemented/managed SAST and DAST tools such as StackHawk and Snyk.
  • You have experience identifying security issues through threat modeling and code reviews.
  • You have experience building and maintaining security systems that can scale, with high levels of automation while fully owning projects from inception to completion.
  • You have strong communication skills and can convey complex technical topics to non-technical stakeholders clearly and concisely.
  • You enjoy user-centered software development and actively work closely with a team of engineers, designers, and product managers.

Benefits:

  • We’re a remote-first company
  • Health insurance plans through Cigna (medical and dental) and MetLife (vision), including FSA and HSA plans
    401K plan (Roth and traditional)
  • Monthly therapy and wellness stipends
  • Monthly co-working space membership stipend
  • Monthly work-from-home stipend
  • Financial wellness benefits through Northstar
  • Pet discount program through United Pet Care
  • Financial perks and rewards through BenefitHub
  • EAP access through Cigna
  • One-time home office stipend to set up your home office
  • Comprehensive parental leave plans
  • 11 paid holidays, 1 Alma Mental Health Day, and 1 Alma Volunteering Day
  • Flexible PTO 

Salary Band: $160,000 - $200,000 

Alma’s compensation philosophy is driven by our company value of building equity. To best ensure pay equity, we typically bring in new hires near the middle of our listed salary bands and we do not negotiate our compensation (i.e. all people hired at the same level & role are brought in at the same salary, equity, and benefits). The recruiter you work with can provide more details on our philosophy.

All Alma jobs are listed on our careers page. We do not use outside applications or automated text messaging in our recruiting process. We will not ask for any sensitive financial or identification information throughout the recruiting process. Any communication during the recruitment process, including interview requests or job offers, will come directly from a recruiting team member with a helloalma.com email address.

Apply for this Job

* Required
resume chosen  
Dropbox Google Drive
(File types: pdf, doc, docx, txt, rtf)
Cancel
cover_letter chosen  
Dropbox Google Drive
(File types: pdf, doc, docx, txt, rtf)
Cancel
Diversity, Equity and Inclusion at Alma

At Alma, we work hard to bring together people from a vast set of backgrounds and identities. We aspire to champion diversity, amplify inclusive cultures and build equitably. 

Submitting the below information is optional and your answers will not be attached to your applicant profile. All answers are compiled into an anonymous dataset and will only be seen from a macro point of view to help us inform our Diversity, Equity & Inclusion (DEI) strategy and efforts. This information will not be used as selection criteria nor will it be used as any basis in connection with any decisions regarding your candidacy.  We take our DEI efforts seriously, and we would greatly appreciate your participation. Of course, you are welcome to opt out of submitting this information and there will be no consequences for your decision not to share this information.

Glossary of terms

  • Gender is personal (how we see ourselves), while sexual orientation is interpersonal (who we are physically, emotionally and/or romantically attracted to).
  • Race refers to the concept of dividing people into groups on the basis of various sets of physical characteristics and the process of ascribing social meaning to those groups. In this demographic survey, race is self-identified. Race differs from ethnicity in that commonalities such as national origin, tribal heritage, religion, language, and culture can describe someone’s ethnicity. People of any race may be of any ethnic origin. [1] [2] [3]
  • Nationality refers to the status of belonging to a particular nation, whether by birth or naturalization. It describes a legal relationship between an individual person and a political state. E.g.: American, Canadian. [1]
  • Two-Spirit is a modern pan-Native American umbrella term. Indigenous individuals may use the term Two-Spirit to reclaim traditions related to gender identity, gender expression, sexual orientation, spiritual identity, and/or traditional roles. [1] [2]
Gender (mark all that apply)









Sexual Orientation (mark all that apply)










Race (mark all that apply)








Are you of Hispanic, Latino/a/x, or of Spanish origin? (mark all that apply)




Disability Status (mark all that apply)




Veteran Status (Select one)



Enter the verification code sent to to confirm you are not a robot, then submit your application.

This application was flagged as potential bot traffic. To resubmit your application, turn off any VPNs, clear the browser's cache and cookies, or try another browser. If you still can't submit it, contact our support team through the help center.