Application Security Engineer
American Specialty Health Incorporated is seeking an Application Security Engineer to join our Information Security Operations Department. This position will protect and defend the information security posture and information assets from cyber security threats; maintain strong regulatory compliance; and reduce cyber risks to the organization.
Remote Worker Considerations:
Candidates who are selected for this position will be trained virtually and must have the capability to work from home in a designated work area with company-provided technology equipment.
- Performs day-to-day information security functions.
- Designs and documents the implementation and improvements (including automation) of information security solutions in concert with DevSecOps activities.
- Administers security-related systems including but not limited to: Security and compliance testing software, web application firewalls, open source software, attack simulation, and vulnerability management.
- Works with developers, engineers, and compliance leaders to create and maintain secure and compliant applications and routinely participates in their scrum teams and cadence.
- Develops and maintains application bug bounty program(s).
- Develops and manages red teaming / internal penetration testing program(s).
- Administers the Vulnerability Management Program in coordination with the Enterprise Patching Team and Corporate Architecture Solutions Team.
- Develops trust-based relationships with business leaders, peers, and software engineering and becomes a voice of information security. Assesses and manages risk with limited supervision.
- Coordinates security issue and remediation efforts between different ASH scrum teams, sets clear expectations about responsibilities, communicates about outcomes and measures success, and escalates and communicates to management appropriately.
- Mentors developers, DevSecOps and other workforce in the discipline of Application Security.
- Works with vendors and application security services to schedule and address application and information security vulnerabilities and risks.
- Maintains updated documentation of technical controls, processes, and procedures.
- Participates in incident response, security testing, penetration testing and red teaming roles.
- Researches and communicates the latest trends in information security and threat environments.
- Implements, manages, and enforces company information security policy and procedures.
- Availability for after-hours work and occasional travel required.
- Bachelor’s degree in IT related field or relevant work experience. If equivalent experience, high school diploma required.
- 5 years of experience in IT with minimum 4 years in software development with security focus, systems/software security testing, and/or security administration or leadership roles.
- Project management experience, ideally with Agile, preferred.
- OSCP+, GWAPT, GXPN or equivalent experience preferred.
- Valid driver’s license with good driving record. Availability of automobile for on-the-job use and proof of insurance.
- Strong experience and detailed technical knowledge in security architecture, systems and network security, authentication, and application security.
- Experience with security vulnerabilities, risk assessment and treatment, and secure software design.
- Ability to program/script automations across languages and platforms, including consumption and processing of common API results.
- Demonstrated experience with software security testing methodologies including threat modeling.
- Demonstrated ability to interact in a positive, respectful manner and establish and maintain cooperative working relationships.
- Ability to display excellent customer service to meet the needs and expectations of both internal and external customers.
- Excellent listening and interpersonal communication skills to identify critical core competencies based on success factors and organizational environment.
- Ability to effectively organize, prioritize, multi-task and manage time.
- Demonstrated accuracy and productivity in a changing environment with constant interruptions.
- Demonstrated ability to analyze information, problems, issues, situations and procedures to develop effective solutions.
- Ability to exercise strict confidentiality in all matters.
Primarily sedentary, able to sit for long periods of time.
Ability to speak, see and hear other personnel and/or objects. Ability to communicate both in verbal and written form. Ability to travel within the facility. Capable of using a telephone and computer keyboard. Ability to lift up to 10 lbs.
Usual office setting.
This job posting is not applicable in CO.
American Specialty Health is an Equal Opportunity/Affirmative Action Employer.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex including sexual orientation and gender identity, national origin, disability, protected Veteran Status, or any other characteristic protected by applicable federal, state, or local law.
Please view Equal Employment Opportunity Posters provided by OFCCP here.
If you are a qualified individual with a disability or a disabled veteran, you have the right to request an accommodation if you are unable or limited in your ability to use or access our career center as a result of your disability. To request an accommodation, contact our Human Resources Department at (800) 848-3555 x6702.
ASH will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the Company’s legal duty to furnish information.