Application Security Principal

Information Technology Dublin, Ohio

Apply Now

Description

Who we are

Founded in 1999 and headquartered in Central Ohio, we’re a privately-owned, independent healthcare navigation organization. We believe that no one should have to navigate the cost and complexity of healthcare alone, and we’re on a mission to make healthcare simpler and more effective for our millions of members. Our big-hearted, tech-savvy team fights to ensure that our members get the care they need, when they need it, at the most affordable cost – that’s why we call ourselves Healthcare Warriors®.

We’re committed to building diverse and inclusive teams – more than 2,000 of us and counting – so if you’re excited about this position, we encourage you to apply – even if your experience doesn’t match every requirement.

About the role

The Application Security Principal is a senior, hands-on security leader who reports directly to the Chief Information Security Officer (CISO) and is responsible for building, operating, and continuously improving the enterprise Application Security (AppSec) program. The role is deeply embedded within software engineering initiatives, working side-by-side with development teams to enable secure-by-design and secure-by-default software delivery. This leader focuses on teaching, mentoring, and influencing engineers to write secure code and to effectively use modern AppSec tools and automation to reduce risk while maintaining delivery velocity. The role operates in a regulated healthcare environment and ensures alignment with HIPAA and HITRUST requirements.
Location: This position is located at our Dublin, OH campus or may work remotely anywhere in the United States of America.

What you’ll do (Essential Responsibilities)

  • Create, own, and drive the enterprise Application Security program, including vision, strategy, roadmap, and operating model.
  • Embed within software engineering projects to provide hands-on guidance for secure design, coding, testing, and deployment practices.
  • Teach, mentor, and lead software engineers to improve secure coding skills and security decision-making throughout the SDLC.
  • Define and operationalize a secure SDLC, including threat modeling, secure design reviews, automated security testing, and release controls.
  • Own and optimize application security tooling and workflows, including Snyk, SonarCloud, GitHub Advanced Security, GitHub Copilot, Palisade, and related CI/CD integrations.
  • Establish developer-friendly remediation workflows, including prioritized findings, fix guidance, and automation where possible.
  • Partner with Engineering and Product leadership to align application security priorities with business objectives and delivery timelines.
  • Lead threat modeling and architectural risk assessments for new applications, APIs, and major enhancements.
  • Develop and track AppSec metrics and KPIs that demonstrate risk reduction, coverage, and program effectiveness.
  • Ensure application security controls and practices meet HIPAA Security Rule and HITRUST CSF requirements and support audit readiness.
  • Collaborate with infrastructure, cloud, and enterprise security teams on identity, secrets management, and secure platform patterns.
  • Support security incident response activities related to application vulnerabilities and contribute to root-cause analysis and long-term remediation.
  • Build and lead an application security champions or guild program to scale secure development practices across teams.
  • All other duties as assigned.

What you’ll bring (Qualifications)

  • Experience: Extensive experience designing and leading application security programs within complex enterprise environments.
  • Strong background in software engineering with the ability to read, review, and reason about code for security issues.
  • Hands-on experience integrating and operating modern AppSec tools such as Snyk, SonarCloud, GitHub Advanced Security, and CI/CD pipelines.
  • Experience guiding developers in the effective and responsible use of AI-assisted development tools such as GitHub Copilot.
  • Deep understanding of secure SDLC principles, threat modeling methodologies, and common application vulnerability classes.
  • Experience securing cloud-native, API-driven, and microservices-based architectures.
  • Strong knowledge of healthcare regulatory requirements, including HIPAA and HITRUST, and their application to software development.
  • Proven ability to influence without authority and to build strong partnerships with engineering and product teams.
  • Excellent communication and teaching skills, with the ability to translate security concepts into practical developer guidance.
  • Demonstrated leadership, program management, and strategic planning capabilities.
  • A high degree of personal accountability and trustworthiness, a commitment to working within Quantum Health’s policies, values and ethics, and protecting the sensitive data entrusted to us.

--

#LI-AK1 #LI-Hybrid #LI-Remote



What’s in it for you

  • Compensation: Competitive base and incentive compensation
  • Coverage: Health, vision and dental featuring our best-in-class healthcare navigation services, along with life insurance, legal and identity protection, adoption assistance, EAP, Teladoc services and more.
  • Retirement: 401(k) plan with up to 4% employer match and full vesting on day one.
  • Balance: Paid Time Off (PTO), 7 paid holidays, parental leave, volunteer days, paid sabbaticals, and more.
  • Development: Tuition reimbursement up to $5,250 annually, certification/continuing education reimbursement, discounted higher education partnerships, paid trainings and leadership development.
  • Culture: Recognition as a Best Place to Work for 15+ years, dedication to diversity, philanthropy and sustainability, and people-first values that drive every decision.
  • Environment: A modern workplace with a casual dress code, open floor plans, full-service dining, free snacks and drinks, complimentary 24/7 fitness center with group classes, outdoor walking paths, game room, notary and dry-cleaning services and more!


What you should know


  • Internal Associates: Already a Healthcare Warrior? Apply internally through Jobvite.
  • Process: Application > Phone Screen > Online Assessment(s) > Interview(s) > Offer > Background Check.
  • Diversity, Equity and Inclusion: Quantum Health welcomes everyone. We value our diverse team and suppliers, we’re committed to empowering our ERGs, and we’re proud to be an equal opportunity employer .

  • Tobacco-Free Campus: To further enable the health and wellbeing of our associates and community, Quantum Health maintains a tobacco-free environment. The use of all types of tobacco products is prohibited in all company facilities and on all company grounds.
  • Compensation Ranges: Compensation details published by job boards are estimates and not verified by Quantum Health. Details surrounding compensation will be disclosed throughout the interview process. Compensation offered is based on the candidate’s unique combination of experience and qualifications related to the position.
  • Sponsorship: Applicants must be legally authorized to work in the United States on a permanent and ongoing future basis without requiring sponsorship.
  • Agencies: Quantum Health does not accept unsolicited resumes or outreach from third-parties. Absent a signed MSA and request/approval from Talent Acquisition to submit candidates for a specific requisition, we will not approve payment to any third party.


Reasonable Accommodation: Should you require reasonable accommodation(s) to participate in the application/interview/selection process, or in order to complete the essential duties of the position upon acceptance of a job offer, click here to submit a recruitment accommodation request.



Recruiting Scams: Unfortunately, scams targeting job seekers are common. To protect our candidates, we want to remind you that authorized representatives of Quantum Health will only contact you from an email address ending in @quantum-health.com. Quantum Health will never ask for personally identifiable information such as Date of Birth (DOB), Social Security Number (SSN), banking/direct/tax details, etc. via email or any other non-secure system, nor will we instruct you to make any purchases related to your employment. If you believe you’ve encountered a recruiting scam, report it to the Federal Trade Commission and your state’s Attorney General.

Apply Now Apply Later
← Back to Current Openings

Share This Job