[Remote] Staff, Security Engineer

Note: The job is a remote job and is open to candidates in USA. Fullscript is an industry-leading health technology company on a mission to help people get better. They are seeking a Staff Security Engineer to join their Security Engineering team, responsible for designing and implementing security solutions across their products and platforms while mentoring engineers and influencing security strategy.

Responsibilities

• Lead the design and implementation of security solutions across Fullscript's applications, platforms, and AI-powered systems
• Partner with engineering teams to embed security throughout the software development lifecycle, including architecture reviews, threat modeling, secure coding practices, and design reviews
• Drive application security, product security, and vulnerability management initiatives from concept through implementation
• Own complex security challenges that span multiple teams, balancing technical requirements, business priorities, and engineering constraints to deliver scalable solutions
• Mentor engineers and security practitioners, raising the bar for secure software development and helping teams make sound security decisions
• Influence technical strategy and security standards through hands-on engineering, technical leadership, and cross-functional collaboration
• Stay ahead of emerging threats, security technologies, and AI-specific risks to help shape Fullscript's long-term security posture

Skills

• 8+ years of software engineering experience designing, building, and operating production systems
• 3+ years of recent experience in application security, product security, security engineering, or a related security discipline
• Deep understanding of secure software development, modern application architectures, APIs, and cloud-native environments
• Experience owning complex technical initiatives from problem definition through delivery, including working across multiple teams and stakeholders
• Proven ability to influence technical direction, mentor engineers, and drive adoption of security best practices
• Strong hands-on experience with security tooling, automation, vulnerability management, and security assessments
• Excellent communication skills, strong technical judgment, and a continuous learning mindset
• Experience securing Ruby on Rails, Node.js, JavaScript, GraphQL, or similar application ecosystems
• Experience with AWS cloud security and cloud-native security controls
• Experience with threat modeling methodologies such as STRIDE, PASTA, or similar frameworks
• Experience with vulnerability management, application security posture management, or developer security tooling
• Familiarity with GitHub, GitLab, Wiz, static analysis tools, secret scanning, or related security platforms
• Experience conducting penetration testing, security research, or ethical hacking activities
• Experience protecting healthcare, regulated, or sensitive customer data

Benefits

• Remote-first flexibility to work where you work best, with North America (Ottawa, Toronto, or Calgary) preferred for this role.
• Flexible PTO and competitive pay, because work-life balance matters
• RRSP/401k match and stock options to invest in your future
• Premium benefits package with customizable coverage, paramedical services, and an HSA.
• Fullscript discounts to save on high-quality wellness products
• Continuous learning opportunities to grow your skills and career

Company Overview