Senior Cybersecurity Engineer
We are looking for a self-motivated Senior Cybersecurity Engineer to join the Cybersecurity Operations Team. We have a relentless focus on driving results for our customers and enabling them to invest more into patient care; in turn, this allows us to continue to grow our company and your career.
The Senior Cybersecurity Engineer will serve as the technical lead for the application security program and will be the application security subject matter expert for Cybersecurity, IT, and Line of Business colleagues. This role analyzes the security of applications in tandem with their underlying services, including connected dependencies such as middle-tier systems and databases. Additionally, the application security engineer addresses legacy and emerging security issues and implements repeatable secure development practices to reduce the introduction of program design flaws that may lead to exploitation. As issues are uncovered, the application security engineer communicates with the appropriate technical and leadership teams to ensure a focus on risk mitigation – allowing for business continuity, but without negligent risk.
The successful candidate must be well-versed in application security and security operations. This role is responsible for validating that application services are designed and implemented with high security standards. This position will also be a senior member of the overall Cybersecurity Operations Team, and will participate in providing security operations technical analysis, assessment, and recommendations in the areas of real-time security situational awareness, operational security systems and applications systems security monitoring.
As a senior member of the team, the Senior Cybersecurity Engineer requires a strong positive ability to lead junior team members through the strategy directed by senior management. In addition to technical skills, the Senior Cybersecurity Engineer is process-oriented and demonstrates effective problem-solving and communication skills. Considered a highly knowledgeable individual, the application security engineer is expected to recommend programmatic controls and monitor and manage secure development practices to address modern day issues.
- Be the lead engineer for the application security program and help the organization evolve its application security functions and services.
- Discover security exposures and develop mitigation plans, and report on and work as part of the Cybersecurity Operations Team to fix technical debt.
- Work with Cybersecurity, IT, and Development teams on executing standardized application security solutions.
- Collaborate and consult with the Development and Product teams on application security.
- Own and perform application security vulnerability management, leading application security reviews and threat modeling.
- Provide leadership for application vulnerability scanning and penetration testing, managing integration with vulnerability scanning tools such as Static Code Analysis and Dynamic Code Analysis tools
- Design, build, and document application security technology standards, processes, and operational workflows.
- Develop and maintain metrics & reports on the status of the application security operations program.
- Attend and participate in application projects and the change management process. This includes interacting with business units and technical teams to understand what is coming and how their projects can be more secure from the beginning.
- Align with the Cybersecurity Architects and Application Development teams for a mission of secure design.
- Regularly monitor the application security community for public-facing security issues, as well as to learn new tactics that can be used in testing.
- As part of the overall Cybersecurity Operations Team, work in tandem with the security operations center (SOC), incident responders (when anomalous activity and host compromise occurs), and technology infrastructure and development team members.
- Participate in established incident response procedures to ensure proper escalation, analysis and resolution of security events and incidents.
- Utilize incident response use-case workflows to follow established and repeatable processes for triaging and escalation.
- Analyze and correlate incident event data to develop preliminary root cause and corresponding remediation strategy.
- Perform case management throughout the event and incident investigation lifecycle for complex security incidents.
- Provide guidance to junior-level security engineers.
- At least 5+ years’ experience in cybersecurity, to include application risk management, system development and security background.
- Deep understanding of Application Security programs and processes.
- Knowledge of Security Operations, Incident Response, and Threat and Vulnerability Management, tools, processes, and standards.
- Experience with static and dynamic application security testing (SAST/DAST) process
- Strong drive and passion to for Cybersecurity Operations and Application Security; a quick learner with a strong attention to detail and quality.
- Scripting language experience (PowerShell, Python, etc)
Excellent interpersonal and communication skills.
- Experience with database security assessments
- Cloud Workload Security Management
- Certification (or ability to obtain certification) in at least one of the following areas: General Security (CISSP, GSEC), Cloud Security (GCLD, Cloud+, CCSK), and Ethical Hacking/Penetration Testing (OSCP, CEH, GPEN)
- Experience with advanced cyber security tools, network topologies, intrusion detection, and secured networks
- In-depth understanding of NIST SP 800-61,?SOC 2 AICPA controls and frameworks.
Working in an evolving healthcare setting, we use our shared expertise to deliver innovative solutions. Our fast-growing team has opportunities to learn and grow through rewarding interactions, collaboration and the freedom to explore professional interests.