Application Security Engineer

About us :

Foodsmart is the leading telenutrition and foodcare solution, backed by a robust network of Registered Dietitians. Our platform is designed to foster healthier food choices, drive lasting behavior change, and deliver long-term health outcomes. Through our highly personalized, digital platform, we guide our 2.2 million members—including those in employer-sponsored health plans, regional and national Medicaid managed care organizations, Medicare Advantage plans, and commercial insurers—on a tailored journey to eating well while saving time and money.

Foodsmart seamlessly integrates dietary assessments and nutrition counseling with online food ordering and cost-effective meal planning for the entire family, optimizing ingredients both at home and on the go. We partner with national and regional retailers across the U.S., many of whom accept SNAP / EBT, making healthier food more accessible. Additionally, we assist members with SNAP enrollment and management, providing tangible access to nutritious food.In 2024, Foodsmart secured a $200 million investment from TPG’s Rise Fund, which supports entrepreneurs dedicated to achieving the United Nations’ Sustainable Development Goals. This investment will help us expand our reach, particularly to low-income workers who are disproportionately affected by diet-related diseases.

At Foodsmart, our mission is to make nutritious food accessible and affordable for everyone, regardless of economic status. We are committed to a set of core values that shape our culture and work environment :

⚖️ Measured : We make data-driven, truth-seeking decisions.

💥 Impactful : We are fueled by achieving our mission and vision.

🙏 Collaborative : We help each other be better and create a positive environment.

📈 Hungry : We maintain a healthy growth mindset, seeking to overcome challenges with courage.

😊 Joyful : We take joy in each other, our work, and the privilege of doing this work.

Whether you're a dietitian, a commercial leader, or a technologist, working at Foodsmart means being part of a team that is passionate, supportive, and driven by a shared purpose. Join us in transforming the way people access and enjoy healthy food.

About the role :

We are seeking an Application Security Engineer who will work at the intersection of security, DevOps, and development to ensure security is embedded throughout our SDLC. This role requires deep technical expertise in secure code review, static and dynamic application security testing (SAST / DAST), and infrastructure governance, especially in the segregation of environments, separation of duties, and branch protection in source control systems.

You will :

Code & Application Security

• Conduct manual and automated code reviews to identify security vulnerabilities (e.g., XSS, SQLi, logic flaws).
• Define and implement SAST and DAST pipelines using tools such as SNYK, Checkmarx, Fortify, OWASP ZAP, or Burp Suite.
• Collaborate with development teams to remediate vulnerabilities and educate on secure coding standards (e.g., OWASP Top 10).

DevSecOps & CI / CD Pipeline Security

Infrastructure & Environment Segregation

Governance & Policy Enforcement

Tooling & Automation

You have :

Preferred Qualifications

Key KPIs / Metrics of Success