One Medical logo
Senior Application Security Engineer - One Medical San Francisco, CA, USA Bookmark Share Print 277 0 1

Listing Details

  • Citizenship: Us Citizen
  • Incentives: Stock Options

 

  • Education: No Requirements
  • Travel: No Travel
  • Telework: No Telecommute

Listing Description

If you like to break apps and you know what it takes to secure them, then this role is for you! Our Application Security Engineers work alongside the larger technology organization to evaluate the design and implementation of our products, design security solutions and features, and educate our teams on secure coding and emerging threats. Outside of internally developed applications, you’ll also have a hand in evaluating the risk of 3rd party solutions and perform penetration tests where necessary. This position will constantly challenge you to learn new skills and apply yourself in different ways towards our mission of advancing security in the healthcare industry.

In this role, you will be expected to collaborate with individuals from across all different levels and functions with the organization. You will partner with these teams on security issues that are often times have ambiguous solutions, and work to design solutions that align with broader organizational goals. This will require partnership and persuasion to gain the support and commitment of others while optimizing work processes by identifying opportunities to improve.

What you'll work on:

Hands on security testing (grey-box) and code review of internally and externally developed applications

Provide product security guidance and architecture oversight, design reviews and security feature roadmap collaboration

Provide security subject matter expertise to development teams, developing secure coding practices, and develop hands-on training to developers and quality engineers

Participate in our incident response and vulnerability remediation efforts

Develop new automation and tooling to improve our detection of, and to assist in, the remediation of findings

Security research, presentation, and security industry collaboration

You’ll need:

2-3 years of product security experience

Experience being in-house security within an organization

In-depth experience identifying and protecting against web and mobile application vulnerabilities including those found in the OWASP Top 10 and CWE Top 25

Deep knowledge and security experience in at least two of the following languages: Ruby on Rails, Python, Javascript, Angular

Solid foundation in the browser security model, crypto, and network security

Nice to Have:

B.S. / M.S. in Computer Science, Electrical Engineering, or related experience

OSCP or CEH Certifications

Real world experience, internal penetration testing and/or vulnerability analysis

Contributions to the security community such as research, public CVEs, bug-bounty recognitions, open-source projects, and blogs or publications

Dual Builder / Breaker mindset: Passion for breaking things and working alongside teams to fix them

Good sense of humorHands on security testing (grey-box) and code review of internally and externally developed applications

Provide product security guidance and architecture oversight, design reviews and security feature roadmap collaboration

Provide security subject matter expertise to development teams, developing secure coding practices, and develop hands-on training to developers and quality engineers

Participate in our incident response and vulnerability remediation efforts

Develop new automation and tooling to improve our detection of, and to assist in, the remediation of findings

Security research, presentation, and security industry collaboration




About Us

NinjaJobs is a community-run job platform developed by information security professionals. Our unique approach of focusing strictly on cybersecurity positions allows us to personalize the user experience.

Our Contacts

1765 Greensboro Station Pl.
Suite 900
Tysons Corner Va 22102

(703) 594-7765