Application Security Engineer
Remote
Applications have closed
Ginger
Headspace can support any team, of any size, at any time through EAP, coaching, therapy, psychiatry services, meditation & mindfulness.
Headspace and Ginger have recently merged to become Headspace Health! While roles are still being recruited separately on our respective websites, new hires from this point forward will be joining Headspace Health. For more information, please speak with your recruiter!
About the Application Security Engineer at Headspace Health:
We take security and compliance seriously. We are looking for a talented Application Security Engineer to liaise with the engineering and IT teams focusing on the following: bug bounty, pentesting, product security incident response, threat modeling, security reviews, and developer security education, along with other Information Security duties and responsibilities.
This critical role is part of our Corporate Technology Information Security team, supporting all aspects of secure engineering, product development, and infrastructure objectives. You will work with a diverse team of talented leaders and contributors who are all working collaboratively to realize our vision of improving the health and happiness of the world.
How your skills and passion will come to life at Headspace Health:
- Support configuration, installation, and management of security tools in remote/office environments and cloud environments.
- Conduct and manage security vulnerability scans and remediation.
- Create and maintain documentation for security standards and processes for security operation activities.
- Review and audit security controls and perform analysis for improvements.
- Identify security requirements and support implementation of necessary security controls.
- Assist during security incidents and investigations.
What you’ve accomplished:
- BS degree or higher in Computer Engineering, MIS or in a STEM major (Science, Technology, Engineering or Math).
- 5+ years of experience in information security with experience in vulnerability and threat management, security architecture, and/or incident response.
- At least 3 years of experience in application security for web and mobile-based applications.
- Knowledge of Cloud Providers, MITRE, CWEs, OWASP Top 10, and SBOM.
- Management and ability to accurately assess problems from multiple perspectives, analyze approach feasibility, and decide on the optimal course of action.
- Hands-on experience with Repository and Artifact Solutions as well as working within a CI/CD pipeline and DevSecOps projects.
- Engineering experience delivering security and compliance initiatives, especially with Secure SDLC.
- A technical background is a must.
- Familiarity with the following languages is a plus: Python, JavaScript, Kotlin/Java, TypeScript, Obj-C/Swift, Golang, Dart/Flutter.
- Familiarity with network configuration, database, and API maintenance in a cloud hosting environment is a plus.
- Strong communication: ability to influence and collaborate at every level.
- Certifications such as OSWE, eWPT, GWAPT, GMOB, SANS/GIAC certifications are a plus.
- Experience implementing SAST, DAST, RASP, SCA, OSS solutions as part of a security gate is a plus.
- Bug Bounty and Vulnerability Disclosure Programs are a plus.
How to get started:
If you’re excited by the idea of seeing yourself in this role at Headspace Health, please apply with your resume and a cover letter that best expresses your interest and unique qualifications.
Headspace Health participates in the E-Verify Program.
Headspace Health is committed to protecting the privacy and security of your personal data. Please view our privacy notice here.
Tags: APIs Application security C CI/CD Cloud Compliance DAST DevSecOps eWPT GIAC GMOB Golang GWAPT Incident response Java JavaScript Kotlin OSWE OWASP Pentesting Privacy Product security Python SANS SAST SDLC STEM TypeScript Vulnerability scans
Perks/benefits: Career development