Principal Application Security Engineer - Helix, San Diego, California, United States

Listing Description

You + Helix


Helix is a place where innovators and doers gather in order to drive significant progress in population genomics. We have come together to work at the intersection of clinical care, research, and genomics.  


If you’re excited by the idea of making a meaningful impact and joining a team where we pride ourselves on driving innovation through fostering an environment with an emphasis on empowering one another to grow, Helix might be the place for you!


Helix + The World


Our end-to-end population genomics platform enables health systems, life sciences companies, and payers to advance genomic research and accelerate the integration of genomic data into routine clinical care. We support all aspects of population genomics from recruitment to translational research and help our partners use genomics to improve health outcomes, increase patient engagement, and lower costs.   Leading health systems, including Renown Health, AdventHealth, and Mayo Clinic, use our population genomics platform to power some of the world’s largest and fastest-growing population genomics initiatives.


For the COVID-19 public health crisis, Helix has built one of the nation’s largest COVID diagnostic labs and has been on the leading edge of national viral surveillance efforts tracking B.1.1.7 and other viral strains.  


What is special about this role:


You will join a passionate Enterprise IT and Security organization serving a variety of clients across a dynamic and growing company in an energizing environment. As an Application Security Principal, you’ll design and provide security solutions for Helix products and services, building solutions and features that scale and deliver near- and long-term value for engineering and product teams. You will be part of the IT & Security team and will report directly to the CISO & Head of IT.


You will be responsible for:



  • Work directly with Engineering and Product teams to enhance the Enterprise DevOps and App Dev tools ecosystem - plan, code management, test management, security analysis, and deployment - so that it aligns with industry-standard best-practice SDLC policies.

  • Leverage security automation toolset(s) SAST/DAST/ASTO to develop, build, and deploy at scale.

  • Influence and create new security designs, architectures, standards, and methods for product delivery infrastructure, including micro services deployments and containerization.

  • Participate in and drive application security review at all parts of the Software Development Lifecycle, including threat modeling, code review and dynamic testing.

  • Increase process automation maturity through DevOpsSec standard methodologies in product delivery (CI/CD) platform design, and process automations using SAST/DAST/ASTO capabilities.

  • Experienced in using CodeQL, an open source engine, or any commercial third-party SAST tool in the GitHub environment.

  • Experience in performing penetration tests. Deep knowledge of OWASP and the configuration and use of open-source security tools.

  • A track record of maintaining and improving skills in existing and emerging open-source technologies such as GitHub through training or self-research.

  • Excellent understanding of software development lifecycle (SDLC) patterns and implementation.


Qualifications:



  • A minimum of 7+ years of experience in Application Security 

  • Experience with SaaS, Cloud services, and cloud-native technologies

  • Experience partnering with software engineering teams in an agile delivery model

  • Open-source and third-party software component analysis (SCA)

  • Experience with at least one scripting language (Bash, Lua, Python, etc.)

  • Threat Modeling and Secure Architecture Design 

  • Secure Developer Training experience

  • Implementing security automation in CI/CD and DevSecOps 

  • Public Security Disclosures and Vulnerability Response Management

  • Offensive security and pen-testing experience

  • A high level of empathy and excellent communication skills

  • Bachelor's/Master's degree in Security, Technology, or a relevant field, or equivalent work experience


Pluses:



  • Familiarity with working in a highly regulated environment (e.g., US NIST 800-53, ISO 27001, SOX, SOC 2 Type 2)

  • Experience in Cloud architecture security (e.g., Azure, AWS, GCP)

  • Experience utilizing GitHub product features, such as GitHub Actions

  • Industry standard certifications (OSCP, AWAE, etc.)

  • Experience and expertise using CodeQL as well as writing CodeQL queries


What Helix has to offer you:


Aside from working alongside brilliant, dedicated, passionate, down-to-earth, curious, warm, and thoughtful people, we also provide great benefits:



  • Competitive compensation, Comprehensive Health insurance package including employer sponsored HSA 

  • 12 weeks of Maternity or Paternity leave

  • 401(k) with employer matching and 100% vested on first day

  • Corporate fitness rate 

  • Comprehensive Well Being benefits

  • Catered meals 

  • Flexible PTO


Helix is proud to be an equal opportunity employer, and committed to providing employment opportunities regardless of race, religious creed, color, national origin, ancestry, physical disability, mental disability, medical condition, genetic information, marital status, sex, gender, gender identity, gender expression, pregnancy, childbirth and breastfeeding, age, sexual orientation, military or veteran status, or any other protected classification, in accordance with applicable federal, state, and local laws.

