Lead Applications Security Engineer

About The Position

Requirements

• A Bachelor's degree in a quantitative or business field (e.g., statistics, mathematics, engineering, computer science) and requires 5 – 7 years of related experience. Or equivalent experience acquired through accomplishments of applicable knowledge, duties, scope and skill reflective of the level of this position.
• Experience with managing and tuning Web Application Firewall (WAF) configurations, reviewing alerts, and collaborating with engineering teams to reduce false positives while maintaining effective protection
• Administration, configuration, and implementation of SaaS systems/software in the healthcare domain
• Knowledge of .NET Framework; C++; Java; Python (Programming Language)
• Development toolset to design, develop, test, deploy, maintain, and improve software
• Static and dynamic application scanning tools such as Veracode or Qualys
• Intermediate - Seeks to acquire knowledge in area of specialty
• Intermediate - Ability to identify basic problems and procedural irregularities, collect data, establish facts, and draw valid conclusions
• Intermediate - Ability to work independently
• Intermediate - Demonstrated analytical skills
• Intermediate - Demonstrated project management skills
• Intermediate - Demonstrates a high level of accuracy, even under pressure
• Intermediate - Demonstrates excellent judgment and decision making skills
• Intermediate - Ability to communicate and make recommendations to upper management
• Intermediate - Ability to drive multiple projects to successful completion
• Intermediate - Possesses technical aptitude

Responsibilities

• Leads cybersecurity and privacy principles to ensure the organization's applications and services are implemented according to internal security standards.
• Recognizes vulnerabilities in security systems (e.g., vulnerability and compliance scanning).
• Oversees and performs threat modeling, security code reviews, security assessments, security hardening reviews, evaluates security designs, etc. throughout the Secure Software Development Life Cycle (SSDLC) process.
• Engineers and develops cloud automation routines to streamline operations.
• Promotes understanding and adherence to the SSDLC Policy and Standards.
• Ensures the implementation and maintenance of application security standards as per industry best practices
• Executes architectural analysis of the current application security architecture to detect critical deficiencies and recommend solutions for improvement
• Leads the audit of application security and operational configurations
• Remediates application security incoming alerts/vulnerabilities like malware, injection attacks, unauthorized access, etc.
• Creates application security documents, design standard operating procedures, report findings, and track them to closure by working with related parties
• Automates routine operational tasks related to application security and design self-service options to align with best-in-class security standards
• Implements application security solutions such as authentication, authorization, encryption, logging, and application security testing throughout the secure software development life cycle (SSDLC) process
• Undertakes initiatives/policies to review and generate recommendations for the application security configuration
• Performs other duties as assigned
• Complies with all policies and standards

Benefits

• competitive pay
• health insurance
• 401K and stock purchase plans
• tuition reimbursement
• paid time off plus holidays
• a flexible approach to work with remote, hybrid, field or office work schedules