Senior Application Security Engineer (Remote)
Anywhere in the US
Loyal is an organization centered on experience and building a platform that allows consumers to make meaningful decisions when it comes to healthcare. We deeply understand providers, locations, services, appointments, business rules, and moreover, we understand patients -- who they are, the preferred method of communication, upcoming appointments, lapsed appointments, outstanding bills, health risks, and more. With this intelligence, our platform fuels highly relevant and personalized experiences across all mediums (website, email, voice…) allowing patients to get healthy, stay healthy, and have a better relationship with the health care provider.
**This is a remote role**
Summary
The Security Engineer is responsible for developing security training and providing guidance across internal teams. In this role, the Security Engineer will be responsible for maintaining Loyal’s security control framework and continuous control monitoring activities, educating control owners on compliance workflows, and developing security training and guidance for internal development teams. A successful Security Engineer will proactively identify and reduce security risks by finding and flagging outdated and vulnerable code and code libraries.
Reporting to the VP of Engineering, the Security Engineer must demonstrate expert knowledge of architecture, authentication, and system security.
Responsibilities:
- Professionally handle communications with internal and external stakeholders on compliance issues
- Review code to improve software security providing input on all levels of application architecture
- Build software used by engineering teams to ensure their code is secure.
- Review roadmaps, designs and specifications with our Product teams to help craft the product security features and improvements.
- Be an active voice crafting our long term plans and strategy for the application and product security function.
- Partner with our development teams to educate and help them follow best practices to ensure their applications are secure.
- Maintain up-to-date knowledge of Loyal’s products, environment, systems, and architecture
- Consult with other Developers and Product Managers to analyze and propose application security standards, methods, and architectures.
- Educate control owners on compliance workflows and processes
- Maintain Loyal’s security control framework and continuous control monitoring activities
- Gather and report on established metrics within the security compliance programs
- Develop security training and guidance to internal development teams
- Provide subject matter expertise on architecture, authentication, and system security
- Assess security tools and integrate tools as needed, particularly open-source tools
- Be familiar with common security libraries, security controls, and common security flaws that apply to .NET and React applications.
- Discover and patch SQLi, XSS, CSRF, SSRF, authentication and authorization flaws, and other web-based security vulnerabilities (OWASP Top 10 and beyond).
- Proactively identify and reduce security risks.
- Find outdated and vulnerable code and code libraries.
- Handle communications with independent vulnerability researchers and design appropriate mitigation strategies for reported vulnerabilities.
- Educate other developers on secure coding best practices.
Qualifications
- Bachelor's degree in a related field or equivalent work experience.
- Minimum of 3 years of experience defining and shaping compliance programs
- Minimum of 2 years of software development experience.
- Demonstrated experience meeting the controls of a security framework (SOC 2 preferred)
- Detailed understanding of how compliance works with cloud-native technology stacks
- Knowledge of common authentication technologies.
- Implemented automated tooling and self-service capabilities that improved the efficiency of product security.
- Knowledge of security impacts and controls for applications in cloud environments.
- Knowledge of browser-based security controls such as CSP, HSTS, XFO.
- Experience with standard web application security tools such as Arachni and BurpSuite.
- An understanding of how to write secure code.
- Ability to professionally handle communications with outside researchers, users, and customers.
- Experience working within a software as a service (SaaS) company preferred.
- Experience working within a start-up and/or ambiguous environment, with proven experience to be adaptable preferred.
Loyal to our employees
We are a remote-friendly company! We encourage you to apply from anywhere in the United States. We also believe in a work/life balance that fulfills you while you’re here and supports you when you’re not. We built our benefits package to prove that we’re committed to you having everything you need (including a little fun). Here is what we offer full-time employees:
- Flexible paid time off, sick and personal days
- At least one holiday per month (sometimes, more!)
- Full health, dental, and vision insurance - Loyal pays the premium for all employees!
- One Time Home Office Setup Stipend For Remote & Hybrid Roles
- Monthly Internet Stipend for Remote & Hybrid Roles
- Long term & short term disability
- 401[k] plan
- 16 Weeks Paid Parental Leave
- 2 Volunteer days per year
- Matching Gift Program
- Participation Grant Program
- Annual Travel/Team Events up to twice per year (post-COVID)
We believe that the key to Loyal's success is you. Your unique background, life experience, knowledge, self-expression, and talent make you uniquely you. Who you are, what you have experienced, and how you think inspires us to be innovative and bold.
Loyal is an equal opportunity employer. We hire great people from a wide variety of backgrounds, not just because it's the right thing to do, but because it makes our company stronger. We welcome the unique contributions that you can bring in terms of your education, opinions, culture, ethnicity, race, ancestry, sex, gender identity and expression, national origin, citizenship, marital status, age, languages spoken, veteran status, color, religion, disability, sexual orientation, and beliefs.
We consider qualified applicants regardless of criminal histories, consistent with legal requirements.
Further, consistent with applicable federal and state law, Loyal provides reasonable accommodations when requested by qualified applicants or employees with disabilities, unless doing so would cause an undue hardship. Loyal’s policy regarding requests for reasonable accommodation applies to all aspects of employment, including the application process. If you require a reasonable accommodation in connection with the application process, please contact the Talent Acquisition Department at talentacquisition@loyalhealth.com.
E-Verify
This employer participates in E-Verify and will provide the federal government with your Form I-9 information to confirm that you are authorized to work in the U.S. If E-Verify cannot confirm that you are authorized to work, this employer is required to give you written instructions and an opportunity to contact the Department of Homeland Security (DHS) or Social Security Administration (SSA) so you can begin to resolve the issue before the employer can take any action against you, including terminating your employment. Employers can only use E-Verify once you have accepted a job offer and completed the I-9 Form.
COVID-19 Vaccinations
Consistent with Loyal policy, candidates performing in-person work will be required to show proof of being fully vaccinated against COVID-19 upon commencing employment. Reasonable accommodations will be considered on a case-by-case basis for exemptions to this requirement in accordance with applicable law. If you require a reasonable accommodation to Loyal’s vaccination requirement, please contact the People Department at people@loyalhealth.com.
Tags: Application security Burp Suite Cloud Compliance CSRF Monitoring OWASP Product security SaaS SOC 2 SSRF Strategy Vulnerabilities XSS
Perks/benefits: Career development Flex hours Flex vacation Health care Home office stipend Insurance Parental leave Startup environment Team events