Application Security Engineer

RxSense is a high-growth healthtech company empowering clients and consumers with technology to access lower cost prescription drugs. Its transformative cloud-based enterprise platform enables clients to take control of their pharmacy benefits with fast, flexible and customizable solutions and real time data insights to improve operational and financial performance -- and ultimately deliver better care to patients nationwide. RxSense also owns and operates SingleCare, a free prescription savings service that offers consumers access to consistently low prices on prescription drugs. Through its partnerships with the country’s largest pharmacies and grocers, including CVS, Walgreens, Walmart, Kroger and Albertsons, SingleCare improves access and adherence to more affordable medications and has helped millions of Americans collectively save over $8 billion on their medications.

RxSense is a great place to work! Our company has earned recognition as one of Fast Company’s Most Innovative Companies, Forbes’ Top Startup Employers, Modern Healthcare's Best Places to Work in Healthcare, and Inc’s Best in Business and Best Workplaces.

Position Summary:

The Application Security Engineer position is a mid-tier role in the RxSense Information Security team that will focus on assessing and managing risks in the application security domain. In this role you will act as an application security SME on project teams and be responsible for performing various security touchpoints throughout the RxSense Software Development Lifecycle.

Must be aware of and comply with all aspects of the RxSense Information Security Program and the policies contained therein. Must always understand the importance of maintaining Information Security in all Business Operations.

Job Responsibilities:

• Work with development and product teams to define security requirements and ensure they are followed
• Partner with development and product teams to drive remediation of security gaps
• Coordinate 3rd party penetration tests and work with internal teams to remediate findings
• Perform architecture and design reviews on company applications
• Monitor and analyze application security logs and events to detect and respond to security threats
• Perform monitoring and management of Web Application Firewall
• Interpret and manually validate Static Application Security Testing (SAST) results
• Manage SAST, SCA and DAST tools to ensure comprehensive testing and remediation of findings
• Analyze and report on risks discovered through application security testing
• Participate on project teams as InfoSec representative
• Ability to quickly adapt to changing priorities as business needs change
• Excellent interpersonal and communication skills a must

Strengths:

• Knowledge and experience with techniques, tools and practices pertaining to securing the SDLC (Software Development Lifecycle).
• Experience with software development, programing, scripting.
• Experience with OWASP ZAP or Burp Proxy
• Experience with static application security testing tools
• Knowledge and experience with implementing and managing web application firewalls
• High level understanding of securing Cloud Platforms, AWS and GCP, cloud architecture
• Although the position is in application security domain, a broad interest/experience across the whole security domain would be an advantage

Requirements:

• BS in Information Systems preferred but appropriate experience is acceptable
• 3+ years of experience in application security, software development, or IT related field

• Must have the ability to identify, analyze and solve security risks pragmatically
• Familiarity with web application architecture, APIs, and cloud environments
• Experience with security standards and frameworks, such as OWASP, NIST, or CIS
• Practical understanding of common application security vulnerabilities
• Excellent problem-solving and analytical skills with demonstrated ability to investigate and solve complex problems
• Excellent communication skills are needed with demonstrated ability to work with multiple organizational functions and levels
• Certifications a plus; GWAPT, GWEB, CISSP, etc.

Salary Range: $120,000 - $135,000

RxSense believes that a diverse workforce is a more talented and productive workforce. As such, we are an Equal Opportunity and Affirmative Action employer. Our recruitment process is free from discriminatory hiring practices and all qualified applicants are considered for employment without regard to race, color, religion, sex, gender, sexual orientation, gender identity, ancestry, age, or national origin.  Neither will qualified applicants be discriminated against on the basis of disability or protected veteran status.  We believe in the strength of the collaboration, creativity and sense of community a diverse workforce brings.