• Analyze security vulnerabilities in web and mobile applications, determine risk levels, and drive remediations in collaboration with engineering teams. • Research and report on potential product threats, emerging vulnerabilities, and mitigation techniques relevant to the evolving health tech landscape. • Partner with Engineering and Product stakeholders to integrate security at every stage of the SDLC, championing secure development practices and agile delivery. • Develop and advocate for cost-effective solutions to address complex application and product security challenges. • Implement the adoption of product security standards and best practices across the organization, influencing engineering and architecture decisions. • Routinely test, audit, and assess the security posture of application and cloud infrastructure configurations. • Guide engineering teams in applying secure coding standards, providing resources and actionable feedback to foster a culture of security. • Deploy, optimize, and manage security tooling such as SAST, DAST, Hashicorp Vault, and other industry-leading application security solutions. • Participate in collaborative threat modeling initiatives for new features and evolving services, ensuring proactive risk identification and reduction. • Conduct secure code reviews on services and applications built with modern frameworks and technologies. • Assist in planning and executing targeted penetration tests on new features, identifying and reporting vulnerabilities before production release. • Collaborate on IT security initiatives, partnering with infrastructure and operations teams to review security controls for device management, endpoint protection, access management, and overall IT hygiene. • Engage with Cloud Security efforts by partnering with DevOps and Infrastructure teams to assess, improve, and monitor cloud architecture, security policies, and cloud-native controls to ensure secure deployment and operations of applications and services.