Nonprofit
Application Security Lead
Details
Description
Human Health Project (HHP) is a holistic health literacy charity. Our mission is to improve the health of the underserved and vulnerable through holistic information, education and advocacy. Our objective is to empower people to manage their own health with improved outcomes and no medical errors. For more information, please visit our website including viewing our "Shared Patient Information" program page which includes 50 pages of reports on both our Migraine and Lupus and feedback received from people who reviewed the reports in the section, "What Our Members are Saying" - https://tinyurl.com/4c5y3mfa and our "Healthcare Access Program" which includes short video courses in our Learning Academy - https://tinyurl.com/4xwdz5wh , Patient Advocacy Workshops in Los Angeles, - https://tinyurl.com/mryave5x and in Northern Ireland - https://tinyurl.com/nhj6kp7p and our Online Peer to Peer Events - https://tinyurl.com/5ddmxuyn
Volunteer Opportunity | Remote | Human Health Project
DETAILS
Available Times: Weekdays (daytime or evenings)
Time Commitment: A few hours per week
Recurrence: Recurring
Volunteers Needed: 1
Cause Areas: Health & Medicine, Science & Technology
Location: Remote. Volunteer can be anywhere in the world.
Reports to: Chief Information Security Officer (CISO)
THE OPPORTUNITY
HHP's UPE platform is built on a React frontend and Laravel backend. It handles protected health
information and serves users across multiple countries. Before UPE goes to commercial licensees, its
codebase needs to be assessed against security standards, gaps need to be closed, and security
needs to be integrated into the development process so it stays closed.
The Application Security Lead owns that work. This role sits inside the CISO organization and
collaborates closely with HHP's development team while reporting to the CISO.
RESPONSIBILITIES
- Assess the UPE React frontend and Laravel backend against the OWASP Top 10 and API
security standards
- Review authentication, authorization, session management, input validation, and data handling in
the codebase
- Identify and document security vulnerabilities; prioritize findings by risk and work with the
development team on remediation
- Recommend and support adoption of shift-left security practices, including security requirements
in development tickets and code review participation
- Advise on secure coding standards appropriate to the PHP/Laravel and React environment
- Contribute findings to the CISO's 90-day UPE data protection plan and ongoing risk register
QUALIFICATIONS
We welcome applications from students, early-career professionals, and practitioners returning to the
workforce. Demonstrated skills and relevant coursework are considered alongside formal experience.
Required:
- Hands-on experience with web application security assessment, including manual testing and
familiarity with common vulnerability classes
- Working knowledge of the OWASP Top 10 and API security risks
- Ability to read and assess PHP/Laravel backend code and React frontend code for security issues
- Clear written communication; ability to document findings in a way that developers can act on
Preferred:
- Experience with penetration testing tools (Burp Suite, OWASP ZAP, or similar)
- Familiarity with DevSecOps practices and integrating security into CI/CD pipelines
- Experience in healthcare technology or with systems handling PHI or PII
- Certifications such as OSCP, CEH, GWEB, or equivalent practical experience
ABOUT HUMAN HEALTH PROJECT
Human Health Project (HHP) is a holistic health literacy charity. Our mission is to improve the health of
the underserved and vulnerable through holistic information, education, and advocacy. Our objective is
to empower people to manage their own health with improved outcomes and no medical errors.
Founded in 2002, HHP operates across the United States, Northern Ireland, and the Republic of
Ireland, serving patients and caregivers worldwide through peer-to-peer programs, a multilingual
Learning Academy, and the Unified Patient Experience (UPE) platform. For more information, visit
ADDITIONAL INFORMATION
This is an unpaid volunteer position. Hours are flexible. All volunteers in the CISO organization are
required to sign HHP's standard volunteer agreement before accessing any HHP systems or
confidential information.
HOW TO APPLY
To apply, please copy/paste the address below in a new tab or window to submit the Pre-Screen Questionnaire and Resume: https://forms.gle/6sefRinUT8wTw7H8A
Location
Associated Location
Please fill out this form
To apply, please copy/paste the address below in a new tab or window to submit the Pre-Screen Questionnaire and Resume: https://forms.gle/6sefRinUT8wTw7H8A
