Information Protection Advisors- Hybrid
About The Position
The job profile for this position is Information Protection Advisor, which is a Band 4 Senior Contributor Career Track Role with eviCore Healthcare MSI, LLC. Responsiblities- Act as a subject matter expert on application security to improve and further integrate security best practices into product design and software development lifecycles (SDLC) of the organization. Perform focused risks assessments of existing or new services and technologies, security architecture, identifies design gaps, risks, and recommend security enhancements. Assist development teams with secure code reviews and other AppSec assessments to educate development teams on security weaknesses and vulnerabilities. Assist with the implementation and management of automated security controls as part of CICD pipelines and DevSecOps philosophies. Assist with the education of development teams on the remediation of vulnerabilities detected in SAST, SCA, and DAST security tools. Establish and maintain secure coding standards and best practices to provide guidance and training to development teams on security best practices. Hybrid work schedule.
Requirements
- Requires a Master's Degree in Computer Science or a closely related field and 3 years of Cybersecurity experience (or a Bachelor's Degree in Computer Science or a closely related field and 5 years of Cybersecurity experience).
- Must have experience with: Integrating security at every phase of the Software Development Lifecycle; Identifying potential threats and vulnerabilities early in the design phase; Using SAST/DAST tools and techniques to analyze source code and running applications for vulnerabilities; Utilizing secure coding standards, including OWASP Top 10 and SEI Cert, across multiple languages; identifying, prioritizing, and remediating vulnerabilities using tools including Nessus, Qualys, and Burp Suite; Secure identity management including authentication, authorization mechanisms, and role-based controls using tools including OAuth, SAML, and JWT; embedding security into CI/CD pipelines; GitHub Actions for DevSecOps Integration; Jenkins for DevSecOps Integration; Securing applications deployed in cloud environments, including container security; Assessing application risk and compliance with security standards including NIST and ISO 27001; and, Detecting, analyzing, and responding to application-level security incidents.
- If you will be working at home occasionally or permanently, the internet connection must be obtained through a cable broadband or fiber optic internet service provider with speeds of at least 10Mbps download/5Mbps upload.
Responsibilities
- Act as a subject matter expert on application security to improve and further integrate security best practices into product design and software development lifecycles (SDLC) of the organization.
- Perform focused risks assessments of existing or new services and technologies, security architecture, identifies design gaps, risks, and recommend security enhancements.
- Assist development teams with secure code reviews and other AppSec assessments to educate development teams on security weaknesses and vulnerabilities.
- Assist with the implementation and management of automated security controls as part of CICD pipelines and DevSecOps philosophies.
- Assist with the education of development teams on the remediation of vulnerabilities detected in SAST, SCA, and DAST security tools.
- Establish and maintain secure coding standards and best practices to provide guidance and training to development teams on security best practices.
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
