Senior Security Engineer

Rally Health, Inc. helps people take an active role in their health care. We use clinical data, customized recommendations, and continual rewards to help consumers make positive lifestyle choices and navigate every touchpoint of the health care continuum. With offices in Washington, D.C., San Francisco, and Chicago, Rally Health features an executive team that has been working to transform the industry since 2010.

* Set the technical direction of the Rally application security team * Evangelize security across the engineering team and beyond * Teach complex security concerns to engineering and operations * Develop and execute application security policies and procedures * Mentor junior team members * Proactively identify, troubleshoot, and resolve vulnerabilities * Participate in incident response and management * Ensure application is compliant with HIPAA as well as with security best practices

**What you bring:** * Passion for information security * 5+ years of experience as a professional software engineer * 2+ years of experience as a software engineer with an emphasis on information security or an advanced degree in information security * Expert-level knowledge of a compiled language (i.e Scala, Java, C, C++, or Objective-C) * Advanced Javascript experience - especially security engineering in Javascript * Experience with web application security and common exploits * Extensive experience with either relational or non-relational databases * Experience with DevOps and SIEM tools (i.e. Chef, Splunk, and Vagrant) * Familiarity with Angular.js and its common security pitfalls * Automated testing using Selenium, Cucumber, or another framework * Awareness of latest security issues and technologies, including testing tools and techniques * Understanding of service-oriented architecture and security issues it presents * Great communications skills with technical as well as non-technical staff **Even better if you have:** * Professional experience with Scala * Advanced degree in CS or equivalent field * Knowledge of HIPAA and how it applies to information security * Experience leading an engineering team * CISSP, CISM, CISA, CEH, CEPT, GIAC or other IS certifications