Centene - St. Louis, MO

posted about 2 months ago

Full-time - Mid Level
St. Louis, MO
Ambulatory Health Care Services

About the position

As a key player in Centene's mission to enhance health outcomes for our 28 million members, this position focuses on leading cybersecurity and privacy principles to ensure that the organization's applications and services are implemented in accordance with internal security standards. The role involves recognizing vulnerabilities in security systems through various methods such as vulnerability and compliance scanning. The individual will oversee and perform critical tasks including threat modeling, security code reviews, security assessments, and security hardening reviews throughout the Secure Software Development Life Cycle (SSDLC) process. Additionally, the position requires engineering and developing cloud automation routines to streamline operations, promoting understanding and adherence to the SSDLC Policy and Standards. The successful candidate will work directly with application development teams to ensure that application weaknesses and identified vulnerabilities are effectively mitigated or remediated based on Service Level Agreements (SLA). This role is also responsible for the application security testing (AST) technology strategy and roadmap development, championing the understanding and adherence to Centene's secure SDLC policy and standard. The individual will analyze existing plans, policies, and procedures for incident response and recovery, representing Applications Security Engineering at Service Design meetings and other Enterprise Architecture-level gatherings. In addition, the role involves responding to security incidents, providing technical incident support, and serving as the primary liaison between other IT Security teams and development teams. Other duties may be assigned as necessary, and compliance with all policies and standards is expected.

Responsibilities

  • Lead cybersecurity and privacy principles to ensure applications and services meet internal security standards.
  • Recognize vulnerabilities in security systems through vulnerability and compliance scanning.
  • Oversee and perform threat modeling, security code reviews, security assessments, and security hardening reviews throughout the SSDLC process.
  • Engineer and develop cloud automation routines to streamline operations.
  • Promote understanding and adherence to the SSDLC Policy and Standards.
  • Work directly with application development teams to mitigate or remediate application weaknesses and identified vulnerabilities based on SLA.
  • Develop application security testing (AST) technology strategy and roadmap.
  • Analyze existing plans, policies, and procedures for incident response and recovery.
  • Represent Applications Security Engineering at Service Design meetings and other Enterprise Architecture-level gatherings.
  • Respond to security incidents and provide escalation support as needed.
  • Serve as the primary liaison between IT Security teams and development teams.

Requirements

  • Bachelor's degree in a quantitative or business field (e.g., statistics, mathematics, engineering, computer science).
  • 5 - 7 years of related experience or equivalent experience reflecting the level of this position.
  • Advanced knowledge of programming and/or scripting languages including C#, Java, Go, JavaScript, Bash, and PowerShell.
  • Advanced understanding of DevOps workflows and Agile operations.
  • Advanced understanding of the Confidentiality, Integrity, and Availability (CIA) triad as it applies to application security concepts.
  • Experience with application security testing (AST) platforms such as Snyk, Veracode, Netsparker, AppScan, NowSecure, Contrast, etc.
  • Experience with API security platforms such as Traceable.ai, Salt, Noname Security, etc.
  • Experience with containerized applications running within Kubernetes and applications/tools running within AWS.

Nice-to-haves

  • Knowledge of Standard Operating Procedure development.
  • Experience with Site Reliability Engineering.

Benefits

  • Competitive pay
  • Health insurance
  • 401K and stock purchase plans
  • Tuition reimbursement
  • Paid time off plus holidays
  • Flexible work schedules including remote, hybrid, field, or office work options.
© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service