Application Security Specialist

Secure Our Digital Future

We are seeking a skilled Application Security Engineer to join our team. In this role, you will play a critical part in ensuring the security and integrity of our applications.

About the Role

As an Application Security Engineer, you will be responsible for improving our application security posture and maintaining a secure platform throughout the Software Development Life Cycle (SDLC). You will work closely with our Product and Engineering teams, as well as external testers, to identify and address security vulnerabilities.

Key Responsibilities

• Spearhead Application Security Efforts: Be an advocate for application security within the organization, developing and maintaining a risk-based application security program based on a well-defined application security framework.
• Ensure Platform Compliance: Ensure the platform complies with healthcare-specific security standards such as HIPAA and HITRUST, and follow best practices for handling sensitive patient data.
• Analyze and Address Vulnerabilities: Find common patterns and themes within application vulnerabilities and work with Development teams to address the root causes.
• Participate in Strategic Decisions: Participate in the strategic decisions related to the requirements, design, implementation, and operations of application security framework, processes, and technology.
• Execute Security-Focused Code Reviews: Execute security-focused code, architecture and integration reviews.
• Coordinate Penetration Testing: Coordinate or conduct penetration testing and drive remediation efforts to completion.
• Integrate Security Testing Tools: Collaborate with DevOps teams to integrate security testing tools (SAST/DAST) into CI/CD pipelines to enable DevSecOps practices.
• Stay Up-to-Date with the Latest Security Issues and Technologies: Keep abreast of the latest security issues and technologies.
• Own and Improve Process Documentation: Own and improve process and procedural documentation.
• Assist with Daily Security Activities: Assist with daily activities and functions of the Security team (including alert & incident response) to maintain security posture as well as policy and compliance commitments.

Requirements and Qualifications

• Cybersecurity Framework Expertise: Deep knowledge and familiarity with Cybersecurity Framework, including NIST 800-53, NIST CSF, CIS Top 20, MITRE ATT&CK, and OWASP Top Ten.
• Crypto and Authentication Knowledge: Deep knowledge of crypto, authentication and authorization protocols and standards, including SSL/TLS, SAML, OAuth, JWT Tokens.
• Pentesting and Automation Skills: Possess a relentless desire to (ethically) break into things and can communicate the attack scenarios and mitigation options based on standard framework.
• Programming Language Proficiency: Ability to read and understand Java, JavaScript, and Python.
• Automation Experience: Ability to automate repetitive tasks, using Python or other scripting language.
• Regulated Industry Experience: Experience working in regulated industries, with a focus on healthcare security standards (HIPAA, HITRUST).

Nice-to-Haves

• Penetration Testing Experience: 2+ years of experience in web application penetration testing or a security-focused application development role.
• Certifications: AWS Security, CEH, GWEB, GCIH or equivalent certifications.
• Team Collaboration Skills: Ability to work in a diverse, fast-paced environment and effectively collaborate across teams.
• Communication Skills: Outstanding written and oral communication skills with demonstrated ability to clearly articulate to both a technical and functional audience.

What We Offer

• Competitive Salary
• Health Insurance
• Referral Bonuses
• Generous Vacation Time
• Paid Maternity and Paternity Leave
• Work from Home Days
• Lunch Facility within Office
• Travel Allowance
• Company Equipment
• Professional Development Opportunities
• Award-Winning Team Members