Senior Application Security Engineer

Passionate about precision medicine and advancing the healthcare industry?

Recent advancements in underlying technology have finally made it possible for AI to impact clinical care in a meaningful way. Tempus' proprietary platform connects an entire ecosystem of real-world evidence to deliver real-time, actionable insights to physicians, providing critical information about the right treatments for the right patients, at the right time.

Tempus is seeking a Senior Application Security Engineer with deep expertise in penetration testing to lead efforts in identifying and remediating vulnerabilities across web, mobile, and medical device applications. You will safeguard sensitive healthcare data and ensure the security of our internal systems and software medical device (SaMD) products, supporting our mission to improve patient outcomes through secure-by-design principles.

• Execute advanced black-box and grey-box penetration tests on web applications, APIs (REST/GraphQL), and internal systems.

• Perform deep-dive mobile security assessments on iOS and Android, including reverse engineering and bypassing client-side controls like root detection and certificate pinning.

• Lead specialized security testing and threat modeling for FDA-regulated medical device software, ensuring compliance with HIPAA, GDPR, and FDA cybersecurity guidelines.

• Develop high-quality technical reports detailing exploit chains and business logic flaws, providing engineering teams with hands-on remediation guidance.

• Automate security testing by developing custom tools and scripts in languages such as Python, Go, or PowerShell.

• Communicate complex security risks and business impacts to executive leadership and cross-functional stakeholders.

• Mentor junior team members and provide security training to development teams to foster a robust culture of security awareness.

• 5+ years of experience in penetration testing, ideally within healthcare or highly regulated environments.

• Expert knowledge of web/API vulnerabilities (OWASP Top 10) and mobile testing frameworks (Frida, Burp Suite, MobSF, Ghidra).

• Understanding of medical protocols (DICOM, HL7) and cloud security practices (AWS, Azure, or GCP).

• Proficiency in scripting languages (Python, JavaScript/TypeScript, Go) and secure SDLC practices.

• Excellent analytical, problem-solving, and interpersonal communication skills.

• Offensive Security: OSCP, OSCE, or OSWE.

• Mobile Security: eCMAP or GMOB.

• General/Regulated: CEH, CSSLP, GPEN, GWAPT, or UL 2900 training.

The expected salary range above is applicable if the role is performed from Illinois and may vary for other locations (California, Colorado, New York). Actual salary may vary based on qualifications and experience. Tempus offers a full range of benefits, which may include incentive compensation, restricted stock units, medical and other benefits depending on the position.

We are an equal opportunity employer. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.