Application Security Engineer

Zelis Healthcare

posted 2 months ago

Full-time - Mid Level
Remote
Professional, Scientific, and Technical Services

About the position

Zelis is seeking an Application Security Engineer to join our team, focusing on the security of corporate applications. This role involves close collaboration with application development teams to ensure that security is integrated into every aspect of the application lifecycle. The Application Security Engineer will be responsible for identifying application assets, data flows, potential threats, and the necessary cybersecurity controls to protect our applications. You will also work alongside Application Security Testers to evaluate the effectiveness of these controls. In this position, you will partner with corporate stakeholders to understand and implement regulatory, industry, and organizational security requirements. You will provide security requirements with acceptance criteria to application development teams, utilizing both Agile and Waterfall methodologies. Conducting threat modeling exercises will be a key responsibility, allowing you to identify potential security vulnerabilities in corporate applications. You will analyze application components, data flows, and external dependencies to anticipate and mitigate threats effectively. Your role will also include reviewing the architecture of software applications to ensure that security is embedded at every layer, including network, infrastructure, and application levels. You will implement security controls and best practices to address identified risks and vulnerabilities, such as encryption, authentication, access controls, and input validation. Performing security code reviews to identify and remediate vulnerabilities in application code will be essential, as will providing guidance and training to development teams on secure coding practices and relevant security tools. Additionally, you will evaluate and implement security tools and automation solutions to enhance the security posture of applications and streamline security processes. This position is crucial in maintaining the integrity and security of our applications, ensuring that we meet the highest standards of cybersecurity in the healthcare payments industry.

Responsibilities

  • Partner closely with corporate stakeholders to understand regulatory, industry, and organizational security requirements
  • Provide security requirements with acceptance criteria to application development teams using the Agile and Waterfall methodologies
  • Conduct threat modeling exercises to identify potential security vulnerabilities in corporate applications
  • Analyze application's components, data flows, and external dependencies to anticipate and mitigate threats
  • Review the architecture of software applications to ensure that security is integrated at every layer, including network, infrastructure, and application levels
  • Implement security controls and best practices to address identified risks and vulnerabilities, including encryption, authentication, access controls, input validation, and other security mechanisms
  • Perform security code reviews to identify and remediate security vulnerabilities in application code
  • Provide guidance and training to development teams on secure coding practices, security principles, and relevant security tools and technologies
  • Evaluate and implement security tools and automation solutions to enhance the security posture of applications and streamline security processes

Requirements

  • Bachelor's degree in Cyber Security or related degree and experience
  • 8+ years of experience in Cyber Security
  • 2+ years of experience in Agile and writing user stories
  • 2+ years of experience in Application Security and Threat Modeling, as well as application development or application secure code review
  • Understanding of API and Web security vulnerabilities
  • 2+ years of experience using Octave or Stride
  • Experience working within a DevSecOps environment

Nice-to-haves

  • Experience in security coding, source code management, and/or build and deployment technologies
  • Experience with web application firewalls
  • Familiarity with OWASP Top 10 API, Web, and Mobile Application Security Risks
  • Familiarity with MITRE CWE Top 25 Most Dangerous Software Weaknesses
  • CDP, CISSP, E|CDE or other relevant certifications
  • Familiarity with regulatory controls and industry best practices such as HIPAA, PCI, CIS, HiTrust, ISO 27001, NIST, etc.)

Benefits

  • Hybrid and remote friendly work culture
  • Commitment to diversity, equity, inclusion, and belonging
  • Equal Employment Opportunity policies
  • Accessibility support for candidates with disabilities

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service