Senior Application Security Engineer - One Medical
San Francisco, CA, USA

Listing Description

If you like to break apps and you know what it takes to secure them, then this role is for you! Our Application Security Engineers work alongside the larger technology organization to evaluate the design and implementation of our products, design security solutions and features, and educate our teams on secure coding and emerging threats. Outside of internally developed applications, you’ll also have a hand in evaluating the risk of third-party solutions and performing penetration tests where necessary. This position will constantly challenge you to learn new skills and apply yourself in different ways towards our mission of advancing security in the healthcare industry.

In this role, you will be expected to collaborate with individuals from across all levels and functions within the organization. You will partner with these teams on security issues that often have ambiguous solutions, and work to design solutions that align with broader organizational goals. This will require partnership and persuasion to gain the support and commitment of others while optimizing work processes by identifying opportunities to improve.

What you'll work on:

Hands-on security testing (grey-box) and code review of internally and externally developed applications

Provide product security guidance and architecture oversight, design reviews and security feature roadmap collaboration

Provide security subject matter expertise to development teams, develop secure coding practices, and develop hands-on training for developers and quality engineers

Participate in our incident response and vulnerability remediation efforts

Develop new automation and tooling to improve our detection of, and to assist in, the remediation of findings

Security research, presentation, and security industry collaboration

You’ll need:

2-3 years of product security experience

Experience being in-house security within an organization

In-depth experience identifying and protecting against web and mobile application vulnerabilities including those found in the OWASP Top 10 and CWE Top 25

Deep knowledge and security experience in at least two of the following languages: Ruby on Rails, Python, JavaScript, Angular

Solid foundation in the browser security model, crypto, and network security

Nice to Have:

B.S. / M.S. in Computer Science, Electrical Engineering, or related experience

OSCP or CEH Certifications

Real-world experience, internal penetration testing and/or vulnerability analysis

Contributions to the security community such as research, public CVEs, bug-bounty recognitions, open-source projects, and blogs or publications

Dual Builder / Breaker mindset: Passion for breaking things and working alongside teams to fix them

Good sense of humor


Listing Details

  • Citizenship: US Citizen
  • Incentives: Stock Options
  • Education: No Requirements
  • Travel: No Travel
  • Telework: No Telecommute


