Zelis - Tallahassee, FL
posted about 2 months ago
Zelis is seeking an Application Security Engineer to collaborate closely with corporate application development teams. This role is crucial for ensuring the application security of corporate applications. The engineer will work alongside Application Development teams to identify application assets, data flows, potential threats, and necessary cybersecurity controls. Additionally, the engineer will partner with Application Security Testers to assess the effectiveness of the identified cybersecurity measures. The position offers flexibility in work location, with offices in various cities including Atlanta, Boston, Morristown, Plano, St. Louis, St. Petersburg, and Hyderabad. Zelis promotes a hybrid and remote-friendly culture, allowing work locations to be determined based on the needs of the position and the leadership team's decisions. In-office work and activities will vary according to team objectives and company policies. The Application Security Engineer will be responsible for partnering with corporate stakeholders to understand and implement regulatory, industry, and organizational security requirements. This includes providing security requirements with acceptance criteria to application development teams using Agile and Waterfall methodologies. The engineer will conduct threat modeling exercises to identify potential security vulnerabilities in corporate applications and analyze application components, data flows, and external dependencies to anticipate and mitigate threats. A critical aspect of the role involves reviewing the architecture of software applications to ensure that security is integrated at every layer, including network, infrastructure, and application levels. The engineer will implement security controls and best practices to address identified risks and vulnerabilities, such as encryption, authentication, access controls, and input validation. Furthermore, the engineer will perform security code reviews to identify and remediate vulnerabilities in application code, focusing on common security flaws like injection attacks and cross-site scripting (XSS). Providing guidance and training to development teams on secure coding practices and relevant security tools is also a key responsibility. The engineer will evaluate and implement security tools and automation solutions to enhance the security posture of applications and streamline security processes. This position requires a proactive approach to security and a commitment to continuous improvement in application security practices.