Centene - St. Louis, MO

posted about 2 months ago

Full-time - Mid Level
St. Louis, MO
Ambulatory Health Care Services

About the position

You could be the one who changes everything for our 28 million members by using technology to improve health outcomes around the world. As a diversified, national organization, Centene's technology professionals have access to competitive benefits including a fresh perspective on workplace flexibility.

The position involves applying cybersecurity and privacy principles to ensure the organization's applications and services are implemented according to internal security standards. This role recognizes vulnerabilities in security systems through vulnerability and compliance scanning, overseeing and performing threat modeling, security code reviews, security assessments, and security hardening reviews throughout the Secure Software Development Life Cycle (SSDLC) process. The successful candidate will engineer and develop cloud automation routines to streamline operations while promoting understanding and adherence to the SSDLC Policy and Standards. This position requires direct collaboration with application development teams to ensure that application weaknesses and identified vulnerabilities are mitigated or remediated based on Service Level Agreements (SLA).

Additionally, the role involves reviewing and improving existing plans, policies, and procedures for incident response and recovery. The candidate will champion understanding and adherence to the secure SDLC policy and standard, oversee the development of training on procedures around application security testing (AST) platform operations and outage response, and respond to security incidents, providing escalation support as needed. The role also includes supporting knowledge transfer and education for Tier 1 and Tier 2 Applications Security Engineers and serving as a liaison between other IT Security teams and development teams. Other duties may be assigned as necessary, and compliance with all policies and standards is expected.

Responsibilities

  • Apply cybersecurity and privacy principles to ensure applications and services meet internal security standards.
  • Recognize vulnerabilities in security systems through vulnerability and compliance scanning.
  • Oversee and perform threat modeling, security code reviews, security assessments, and security hardening reviews throughout the SSDLC process.
  • Engineer and develop cloud automation routines to streamline operations.
  • Promote understanding and adherence to the SSDLC Policy and Standards.
  • Work directly with application development teams to mitigate or remediate application weaknesses and identified vulnerabilities based on SLA.
  • Review and improve existing plans, policies, and procedures for incident response and recovery.
  • Champion understanding and adherence to the secure SDLC policy and standard.
  • Oversee development of training on procedures around application security testing (AST) platform operations and outage response.
  • Respond to security incidents and provide escalation support.
  • Support knowledge transfer and education for Tier 1 and Tier 2 Applications Security Engineers.
  • Serve as a liaison between IT Security teams and development teams.

Requirements

  • Bachelor's degree in a quantitative or business field (e.g., statistics, mathematics, engineering, computer science).
  • 4 - 6 years of related experience or equivalent experience acquired through applicable knowledge, duties, scope, and skill reflective of the level of this position.
  • Intermediate knowledge of programming and/or scripting languages including C#, Java, Go, JavaScript, Bash, and PowerShell.
  • Understanding of DevOps workflows.
  • Intermediate understanding of how the Confidentiality, Integrity, and Availability (CIA) triad applies to application security concepts.
  • Standard Operating Procedure development experience.
  • Intermediate understanding of Agile operations.
  • Intermediate understanding of Site Reliability Engineering.
  • Intermediate experience administrating and using application security testing (AST) platforms such as Snyk, Veracode, Netsparker, AppScan, NowSecure, Contrast, etc.
  • Intermediate experience administrating and using API security platforms such as Traceable.ai, Salt, Noname Security, etc.
  • Intermediate experience with administrating containerized applications running within Kubernetes.
  • Intermediate experience with administrating applications and/or security tools running within AWS.

Nice-to-haves

  • Experience with cloud security best practices.
  • Knowledge of regulatory compliance standards (e.g., HIPAA, PCI-DSS).
  • Familiarity with security frameworks such as NIST or ISO 27001.

Benefits

  • Competitive pay
  • Health insurance
  • 401K and stock purchase plans
  • Tuition reimbursement
  • Paid time off plus holidays
  • Flexible work schedules including remote, hybrid, field, or office work options