Lead Applications Security Engineer

$98,900 - $183,100/Yr

Centene - Jefferson City, MO

posted 3 months ago

Full-time - Mid Level
Jefferson City, MO
Ambulatory Health Care Services

About the position

The position of Cybersecurity Engineer at Centene is pivotal in leading the organization's cybersecurity and privacy principles to ensure that applications and services are implemented in accordance with internal security standards. This role involves recognizing vulnerabilities in security systems through various methods such as vulnerability and compliance scanning. The Cybersecurity Engineer will oversee and perform critical tasks including threat modeling, security code reviews, security assessments, and security hardening reviews throughout the Secure Software Development Life Cycle (SSDLC) process. Additionally, the engineer will be responsible for engineering and developing cloud automation routines to streamline operations, promoting a comprehensive understanding and adherence to the SSDLC Policy and Standards. In this role, the Cybersecurity Engineer will work directly with application development teams to ensure that application weaknesses and identified vulnerabilities are effectively mitigated or remediated based on Service Level Agreements (SLA). The individual will also be responsible for developing the application security testing (AST) technology strategy and roadmap, championing the understanding and adherence to Centene's secure SDLC policy and standard. Analyzing existing plans, policies, and procedures for incident response and recovery will also be a key responsibility. The Cybersecurity Engineer will represent Applications Security Engineering at Service Design meetings and other Enterprise Architecture-level gatherings, responding to security incidents and providing technical incident support for medium to high severity issues. This role serves as the primary liaison between other IT Security teams and development teams, ensuring effective communication and collaboration across departments. The position may also involve performing other duties as assigned and ensuring compliance with all relevant policies and standards.

Responsibilities

  • Lead cybersecurity and privacy principles to ensure applications and services meet internal security standards.
  • Recognize vulnerabilities in security systems through vulnerability and compliance scanning.
  • Oversee and perform threat modeling, security code reviews, security assessments, and security hardening reviews throughout the SSDLC process.
  • Engineer and develop cloud automation routines to streamline operations.
  • Promote understanding and adherence to the SSDLC Policy and Standards.
  • Work directly with application development teams to mitigate or remediate application weaknesses and identified vulnerabilities based on SLA.
  • Be responsible for application security testing (AST) technology strategy and roadmap development.
  • Champion understanding and adherence to Centene's secure SDLC policy and standard.
  • Analyze existing plans, policies, and procedures for incident response and recovery.
  • Represent Applications Security Engineering at Service Design meetings and other Enterprise Architecture-level gatherings.
  • Respond to security incidents and provide escalation support for medium to high severity issues.
  • Serve as the primary liaison between IT Security teams and development teams.
  • Perform other duties as assigned and comply with all policies and standards.

Requirements

  • Bachelor's degree in a quantitative or business field (e.g., statistics, mathematics, engineering, computer science).
  • 5 - 7 years of related experience or equivalent experience reflecting the level of this position.
  • Advanced knowledge of programming and/or scripting languages including C#, Java, Go, JavaScript, Bash, and PowerShell.
  • Advanced understanding of DevOps workflows and Agile operations.
  • Advanced understanding of Confidentiality, Integrity, & Reliability (CIA) triad application to application security concepts.
  • Advanced experience administrating and using application security testing (AST) platforms such as Snyk, Veracode, Netsparker, AppScan, NowSecure, Contrast, etc.
  • Advanced experience administrating and using API security platforms such as Traceable.ai, Salt, Noname Security, etc.
  • Advanced experience administrating containerized applications running within Kubernetes.
  • Advanced experience administrating applications and/or security tools running within AWS.

Nice-to-haves

  • Intermediate ability to identify basic problems and procedural irregularities, collect data, establish facts, and draw valid conclusions.
  • Intermediate ability to work independently and demonstrate analytical skills.
  • Intermediate project management skills and ability to drive multiple projects to successful completion.
  • Intermediate ability to communicate and make recommendations to upper management.

Benefits

  • Competitive pay
  • Health insurance
  • 401K and stock purchase plans
  • Tuition reimbursement
  • Paid time off plus holidays
  • Flexible work schedules including remote, hybrid, field, or office work options.

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service