Back to all listings
Staff Application Security Engineer
Who We Are
Healthcare needs a better rhythm: one that keeps care continuous and deeply human. Heidi is building an AI Care Partner that works alongside clinicians to make that possible.
We’re a team of doctors, engineers, designers, researchers, and creatives building tools that help clinicians stay focused on what matters most: their patients.
In just 18 months, Heidi has given back more than 18 million hours to healthcare professionals — supporting 73 million patient visits in 116 countries. Today, more than two million patient visits each week are powered by Heidi worldwide.
Backed by nearly $100 million in funding, we’re growing in the US, UK, Canada, and Europe, partnering with leading health systems including the NHS, Beth Israel Lahey Health, and Monash Health.
About the Role
We're building security systems for medical technology that handles sensitive data and supports critical healthcare decisions. Security and data protection are core to what we build.
In this role you'll partner with product and engineering teams to design secure architectures and establish patterns that teams can apply consistently across services and client applications.
What you’ll do
Lead secure architecture work early: threat model features, define security requirements, and propose concrete architecture options
Design and standardise secure patterns for authentication, session management, and token handling across services and client applications
Design and review authorisation models and access control patterns (policy enforcement, fine-grained controls)
Establish secure API architecture patterns: validation and normalisation, rate limiting, abuse resistance, and observability signals
Build libraries, templates, and reference implementations so teams can adopt secure patterns with minimal friction
Shape security testing and feedback loops (static and dynamic testing, dependency scanning) so they reinforce architecture choices and stay actionable
Contribute to the wider security program by turning recurring application risks into standards, shared components, and engineering guidance
What we’re looking for
We're looking for senior/staff-level capability, expressed as autonomy, depth, and ability to scale impact.
Operates with high autonomy: can take an ambiguous app risk area and drive it from discovery to architecture to rollout
Strong domain understanding of modern application architectures, distributed systems failure modes, and common security pitfalls
Designs pragmatic security architectures that fit product constraints and delivery realities
Builds leverage through reusable patterns, shared components, and clear standards, not just one-off reviews
Communicates trade-offs clearly and aligns product and engineering stakeholders on decisions
Our Approach to Security
We build security into how we work through automation, practical controls, and clear communication. We aim for secure defaults and guardrails that help teams make good choices without unnecessary friction.
Note on Requirements
We care more about skills, approach, and ability to learn than specific certifications or industry background. If you have strong security domain knowledge and the specialised skills for this role, we'd love to hear from you.
The way we work
1. Build to Last
We design for safety and reliability so clinicians, patients, and our teams can trust what we build every day.
2. Own Your Practice
Ideas rise on merit, not title, and everyone shares responsibility for the standards we set together.
3. Move Fast, Stay Steady
We move quickly but never at the cost of trust. Progress only matters if people can depend on what we make.
4. Make Others Better
Honest feedback, steady support, and shared growth keep our teams improving together.
Why you will flourish with us
Flexible hybrid working environment, with 3 days in the office.
A generous personal development budget of $500 per annum
Learn from some of the best engineers and creatives, joining a diverse team
Become an owner, with shares (equity) in the company, if Heidi wins, we all win
The rare chance to create a global impact as you immerse yourself in one of Australia’s leading healthtech startups
If you have an impact quickly, the opportunity to fast track your startup career!
Heidi is dedicated to creating an equitable, inclusive, and supportive work environment that brings people together from diverse backgrounds, experiences, and perspectives. Our strength is in our differences. We're proud to be an equal opportunity employer and welcome all applicants as we're committed to promoting a culture of opportunity for all.