Software Engineer – Application Security

Engineering Redwood City, California


Who are we?

HeartFlow is a Software as a Service (SaaS) medical device company that is revolutionizing the treatment of coronary artery disease. Come and join our world-class engineering team in the development and testing of our scalable platform to compute medical images on the Amazon Cloud (AWS)! The HeartFlow Technology team operates in an agile environment where all members have a deep passion for learning. The Application Security Engineer will be at the nexus of every component that is needed to operate and secure our complex and advanced product. This position will be key in ensuring both the security and privacy of our customers’ data and results across the globe.


  • Provide security guidance on a constant stream of new products and technologies
  • Conduct regular security assessments
  • Research threats and attack vectors that impact HeartFlow’s product
  • Assess the security of core platform infrastructure
  • Build technologies to detect and prevent security vulnerabilities
  • Build testing tools and platforms to encourage reusable and measurable approaches to assessment
  • Help development teams build security into the HeartFlow platform
  • Impact the product design by providing secure design patterns
  • Provide recommendations for hardening applications and environments
  • Educate and advocate for security improvement throughout the HeartFlow ecosystem

Required Skills

  • Ensuring security and privacy on the internet
  • Amazon Web Services (AWS), or another cloud provider
  • Python, Ruby or equivalent
  • Strong knowledge of Web Technologies, Common Application Anti-Patterns and Solutions, Common Web Security Frameworks
  • Static and dynamic security and penetration testing
  • Web services and RESTful APIs
  • Functional knowledge of cryptography: SSL/TLS, AES, SHA-2, and common implementation pitfalls
  • Nginx, or equivalent web server
  • Linux, Unix, and Windows systems

About yourself

You are passionate about:

  • Cultivating an efficient and effective, agile environment
  • High-quality software, software development and testing processes
  • Owning your work
  • Speaking up when faced with problems or when you disagree
  • Experimenting with state-of-the-art technologies and services
  • Working independently with a high degree of latitude

You want to learn about:

  • Distributed, highly available, resilient systems
  • Software as a Service (SaaS) applications in the medical space
  • State-of-the-art cloud technologies
  • Software engineering excellence
  • Tools development to support 24x7 operations
  • Continuous integration & delivery of medical applications
  • Medical devices, FDA, and working in a regulated environment

Education/Experience Requirements

  • Bachelor’s degree in computer science, or equivalent experience
  • 3+ years of relevant industry experience in a software company, including:
    • 3+ years of experience in software development as an application security engineer
    • 3+ years of experience ensuring security and privacy on the internet

Company Information: 

HeartFlow, Inc. is a medical technology company redefining the way heart disease is diagnosed and treated. Our non-invasive HeartFlow FFRct Analysis leverages deep learning to create a personalized 3D model of the heart. By using this model, clinicians can better evaluate the impact a blockage has on blood flow and determine the best treatment for patients. Our technology is reflective of our Silicon Valley roots and incorporates decades of scientific evidence with the latest advances in artificial intelligence. The HeartFlow FFRct Analysis is commercially available in the United States, Canada, Europe and Japan. For more information, visit

HeartFlow, Inc. is an Equal Opportunity Employer. This company does not and will not discriminate in employment and personnel practices on the basis of race, sex, age, handicap, religion, national origin or any other basis prohibited by applicable law. Hiring, transferring and promotion practices are performed without regard to the above listed items.

Positions posted for HeartFlow are not intended for or open to third party recruiters / agencies. Submission of any unsolicited resumes for these positions will be considered to be free referrals.