Principal Application Security Engineer - Truveta Seattle, Washington, United States Bookmark Share Print 149 0 0

Listing Description

Principal Application Security Engineer


Truveta is the world’s first health provider led data platform with a vision of Saving Lives with Data. Our mission is to enable researchers to find cures faster, empower every clinician to be an expert, and help families make the most informed decisions about their care. Achieving Truveta’ s ambitious vision requires an incredible team of talented and inspired people with a special combination of health, software and big data experience who share our company values.


Our headquarters are in the greater Seattle area but we celebrate and embrace a remote culture.


Who We Need


Truveta is rapidly building a talented and diverse team to tackle complex health and technical challenges. We are seeking candidates inspired by the opportunity to securely apply data in the development of real-world health solutions. Beyond core capabilities, we seek problem solvers, passionate and collaborative teammates, and those willing to roll up their sleeves while making a difference. We do things the right way. Our commitment to security and compliance assurance cannot be stressed enough. This position is critical to ensuring we are successful.


If you are interested in the opportunity to pursue purposeful work, join a mission-driven team, and build a rewarding career while having fun, Truveta may be the perfect fit for you.


This Opportunity


Success in the healthcare industry is predicated on a foundation of trust. We demonstrate our trustworthiness as stewards of health data through three foundational pillars: security, privacy, and compliance.


Position Purpose:


Secure Truveta’s applications, cloud infrastructure, and critical assets from current or emerging cyber threats and exploits. Candidates must understand what matters most to Truveta’s Health Care Partners and the sensitive data Truveta is entrusted to protect.


Primary Tasks and Responsibilities:



  • Perform security architecture design as well as secure code reviews, ensuring compliance with Company and industry standards

  • Develop cloud native secure architectural reference documents to ensure internal and third-party services are deployed in adherence with cyber security controls and industry best practices

  • Advocate for the implementation of security solutions throughout Truveta, ensuring emerging technology and open-source products can be easily integrated into current security tools

  • Advance Company security posture, leading the effort to ensure a modern cloud native approach to enable the achievement of organizational goals and objectives

  • Thorough comprehension of Truveta’s cloud native infrastructure and capable of recommending enhancements to ensure current technology enables adherence to the security controls defined in policies and SOPs

  • Knowledgeable of public key infrastructure best practices to ensure digital certificates are effectively and securely managed throughout their lifecycle

  • Be a single point of contact for Product and Engineering team members, helping design internal applications that adhere to modern cyber security control framework and industry best practices

  • Collaborate with Product and Engineering to drive the secure deployment of third-party applications and services

  • Assist in the creation of key performance indicators (KPI) that enable stakeholders to understand security control gaps in current deployments

  • Establish disaster recovery procedures and, in collaboration with security operations, conduct incident and disaster recovery tabletop exercises

  • Remain current with the latest cyber security trends, standards, authentication protocols, and products 


Key Qualifications:



  • The knowledge, skills and abilities typically acquired through the completion of a bachelor's degree program or equivalent degree in a field of study related to Computer Science, Information Security, and Information Systems

  • 10+ years of experience across multiple cyber security disciplines and technical expertise in secure SDLC

  • Deep understanding of current application security technologies (e.g., OWASP, container security tools, DAST, SAST, SCA, web application pen tests, WAF security, API security)

  • Strong working knowledge of current IT risks and security implementations, including infrastructure and application security solutions

  • Able to interact with all levels of the Company, including a wide range of people from different backgrounds and with differing technical acumen

  • Mentor and guide peers, cultivating a sense of security awareness on-the-job security training


Preferred Qualifications



  • Experience in performing detailed technical architecture assessments to identify gaps or potential threat-vectors

  • Experience with .NET, Python, Java, and JavaScript development are a plus

  • Certifications in Information Security, e.g., GSEC, GISP, CISSP, CISM, CRISC, CISA, or other security relevant accreditations

  • Experience in delivering product security in one or more public clouds (Azure, AWS, GCP)

  • Experience in securely operating highly distributed systems with published SLAs

  • Experience with supporting engineering compliance, e.g., HIPAA, ISO, SOC2


Why Truveta?


Be a part of building something special. Now is the perfect time to join Truveta. We have strong, established leadership with decades of success. We are well-funded. We are building a culture that prioritizes people and their passions across personal, professional, and everything in between. Join us as we build an amazing company together. 


We offer:



  • Interesting and meaningful work for every career stage

  • Competitive compensation

  • Comprehensive benefits with strong medical, dental, and vision insurance plans

  • 401K plan

  • Professional development for continuous learning

  • Work/life autonomy via flexible work hours and flexible paid time off

  • Generous parental leave

  • Regular team activities (virtual and in-person as soon as we are able)


Truveta is committed to creating a diverse, inclusive, and empowering workplace. We believe that having employees, interns, and contractors with diverse backgrounds enables Truveta to better meet our mission and serve patients and health communities around the world. We recognize that opportunities in technology historically excluded and continue to disproportionately exclude Black and Indigenous people, people of color, people from working class backgrounds, people with disabilities, and LGBTQIA+ people. We strongly encourage individuals with these identities to apply even if you don’t meet all of the requirements.


 


Listing Details

  • Citizenship: Not Provided
  • Incentives: Not Provided

 

  • Education: Not Provided
  • Travel: Not Provided
  • Telework: Not Provided



About Us

NinjaJobs is a community-run job platform developed by information security professionals. Our unique approach of focusing strictly on cybersecurity positions allows us to personalize the user experience.

Our Contacts

1765 Greensboro Station Pl.
Suite 900
Tysons Corner Va 22102

(703) 594-7765