What are the responsibilities and job description for the Application Security Engineer position at AKASA?
About AKASA
At AKASA, our mission is to build the future of healthcare with AI. As the leading provider of generative AI solutions for the healthcare revenue cycle, we help health systems comprehensively capture and communicate the full patient clinical journey. By empowering health systems to streamline their operations, they can focus on what matters most - delivering quality patient care. We have raised over $205M in funding from investors such as Andreessen Horowitz, BOND, and Costanoa Ventures.
This is the most exciting time to join AKASA. Revenue bookings for our new AI-native product suite have grown over 20x since launching in 2024. In this time, we have broken our record for the largest deal in company history three times consecutively. This growth is driven by the massive improvement we are generating for our customers across clinical quality and documentation accuracy, both top priority areas for health system leaders.
Our deployments have been recognized nationally as "one of the most comprehensive real-world uses of GenAI in healthcare finance to date" (link). Our customer base represents more than $120B in net patient revenue and includes the most innovative health systems in the country, like Cleveland Clinic, Duke, Stanford, and Johns Hopkins.
Some of our recent recognitions include being named one of America's Top Startup Employers 2026 by Forbes, #1 most promising healthcare RCM startup of 2025 by Black Book Market Research, and one of the fastest-growing GenAI startups to watch by AIM Research. Our CEO was ranked among the “Top 50 Healthcare Technology CEOs” by the Healthcare Technology Report, and we have been certified as a “Great Place to Work” for the past 6 years in a row.
We’re building on this momentum to redefine what’s possible in healthcare. We’re looking for exceptional people to help us accelerate that reality.
The opportunity
We’re hiring an Application Security Engineer to work hands-on with our engineering teams to find and fix vulnerabilities, harden our applications, and keep security woven into how we build software. This is a practitioner role; you’ll spend your time in code, in tooling, and in design reviews, not writing strategy decks or managing people.
You’ll report to our security leadership and collaborate daily with developers across the stack. The systems you help protect handle sensitive patient data, so the work carries real weight.
What You’ll Do
We’re committed to doing the best work of our lives, together. Come see if we're the right team for you.
AKASA is a proud equal opportunity employer and we believe that a diverse and inclusive workforce is an imperative. We welcome people of different backgrounds, genders, races, ethnicities, abilities, sexual orientations, and perspectives, just to name a few. We do not discriminate based upon any protected class and we encourage candidates of all identities and backgrounds to apply. AKASA considers qualified applicants regardless of criminal histories in accordance with the San Francisco Fair Chance Ordinance.
AKASA is committed to providing reasonable accommodations for candidates with disabilities in our recruiting process. If you need any assistance or accommodations due to a disability, please let us know at recruiting@akasa.com.
At AKASA, our mission is to build the future of healthcare with AI. As the leading provider of generative AI solutions for the healthcare revenue cycle, we help health systems comprehensively capture and communicate the full patient clinical journey. By empowering health systems to streamline their operations, they can focus on what matters most - delivering quality patient care. We have raised over $205M in funding from investors such as Andreessen Horowitz, BOND, and Costanoa Ventures.
This is the most exciting time to join AKASA. Revenue bookings for our new AI-native product suite have grown over 20x since launching in 2024. In this time, we have broken our record for the largest deal in company history three times consecutively. This growth is driven by the massive improvement we are generating for our customers across clinical quality and documentation accuracy, both top priority areas for health system leaders.
Our deployments have been recognized nationally as "one of the most comprehensive real-world uses of GenAI in healthcare finance to date" (link). Our customer base represents more than $120B in net patient revenue and includes the most innovative health systems in the country, like Cleveland Clinic, Duke, Stanford, and Johns Hopkins.
Some of our recent recognitions include being named one of America's Top Startup Employers 2026 by Forbes, #1 most promising healthcare RCM startup of 2025 by Black Book Market Research, and one of the fastest-growing GenAI startups to watch by AIM Research. Our CEO was ranked among the “Top 50 Healthcare Technology CEOs” by the Healthcare Technology Report, and we have been certified as a “Great Place to Work” for the past 6 years in a row.
We’re building on this momentum to redefine what’s possible in healthcare. We’re looking for exceptional people to help us accelerate that reality.
The opportunity
We’re hiring an Application Security Engineer to work hands-on with our engineering teams to find and fix vulnerabilities, harden our applications, and keep security woven into how we build software. This is a practitioner role; you’ll spend your time in code, in tooling, and in design reviews, not writing strategy decks or managing people.
You’ll report to our security leadership and collaborate daily with developers across the stack. The systems you help protect handle sensitive patient data, so the work carries real weight.
What You’ll Do
- Perform secure code reviews, threat modeling, and security design reviews for new features and services.
- Use AI to automate tooling like SAST, DAST, SCA, secret scanning, and container scanning tools across our CI/CD pipelines.
- Use AI to triage and validate vulnerability findings from automated tools, penetration tests, and bug bounty submissions. Track remediation to closure.
- Work directly with engineering squads to fix security issues, helping developers understand the “why” and the fix, not just the finding.
- Support third-party penetration tests: scoping, coordination, triage, and follow-through on results.
- Contribute to developer security guides and training grounded in our actual codebase and stack.
- Help maintain and improve our vulnerability management workflows and tracking using AI.
- Support compliance work related to HIPAA and SOC 2 where it touches application and data security.
- Stay current on the threat landscape and flag emerging risks relevant to our technology and industry.
- 5 years of experience in application security.
- You’ve written production code and can read, review, and critique code in at least one modern language (Python, Go, Java, TypeScript, etc.).
- Solid working knowledge of common vulnerability classes (OWASP Top 10, injection attacks, auth flaws, insecure deserialization, etc.) and how to fix them.
- Hands-on experience with threat modeling and secure code review—you’ve done these against real systems, not just studied them.
- Experience working with security tooling in CI/CD pipelines (SAST, SCA, secret scanning, GitHub Actions, etc.).
- Familiarity with cloud environments (AWS) and container/Kubernetes basics from a security angle.
- Working understanding of auth standards (OAuth 2.0, OIDC, SAML) and API security concepts (REST, GraphQL).
- You’re collaborative, you’d rather help a developer fix something than file a ticket and walk away.
- You communicate clearly. You can explain a vulnerability to an engineer and to a product manager without losing accuracy.
- You’re organized enough to juggle multiple findings and remediation efforts across teams without things slipping.
- You’re comfortable asking questions and navigating ambiguity in a fast-moving environment.
- You care about the mission; these systems handle patient data, and that responsibility resonates with you.
- Experience in healthcare or health-tech; familiarity with HIPAA Security Rule requirements.
- Exposure to compliance frameworks like SOC 2 Type II, HIPAA, or HITRUST.
- Experience at a company where you’ve worn multiple hats.
- Relevant certifications (OSCP, CSSLP, CEH)—nice signal, not a gate.
- Real impact—the code you secure protects patient data at major health systems nationwide.
- A collaborative engineering culture where security is valued, not treated as an afterthought.
- Hybrid model with focus time and in-person days (Wed & Thu in South San Francisco).
- Flexible PTO, expansive health/dental/vision (including 100% free options), HSA contributions, generous parental leave, life insurance, home office stipend, cell/internet reimbursement, company holidays, and 401(k).
- Flexible paid time off (PTO)
- Expansive coverage for health, dental, and vision
- Employer contribution to Health Savings Accounts (HSA)
- Generous parental leave policy
- Full employee coverage for life insurance
- Home office stipend
- Cell phone/internet reimbursement
- Company-paid holidays
- 401(K) plan
- Based on geo, market data, and other factors, the salary range for this position is $205,000-$275,000 Equity. However, a salary higher or lower than this range may be appropriate for a candidate whose qualifications differ meaningfully from those listed in the job description.
We’re committed to doing the best work of our lives, together. Come see if we're the right team for you.
AKASA is a proud equal opportunity employer and we believe that a diverse and inclusive workforce is an imperative. We welcome people of different backgrounds, genders, races, ethnicities, abilities, sexual orientations, and perspectives, just to name a few. We do not discriminate based upon any protected class and we encourage candidates of all identities and backgrounds to apply. AKASA considers qualified applicants regardless of criminal histories in accordance with the San Francisco Fair Chance Ordinance.
AKASA is committed to providing reasonable accommodations for candidates with disabilities in our recruiting process. If you need any assistance or accommodations due to a disability, please let us know at recruiting@akasa.com.
Salary : $205,000 - $275,000