Application Security Engineer
Remote - United States
Quartet is a platform that makes it easier for people to get the best mental health care for them. Our technology and services reach people who need care, connect them to the right care, track the quality of their care, and support their care journeys. Backed by $160.5MM in venture funding from top investors like Oak HC/FT, GV (formerly Google Ventures), F-Prime Capital Partners, Polaris Partners, Deerfield Management, Centene Corporation, and Echo Health Ventures, Quartet partners with health insurance plans and health systems in 32 states across the country to help people get the care they need.
About the team & Opportunity: You will be part of our growing security team at Quartet Health. You will be tasked with the build-out of Quartet's security infrastructure, with a focus on automation, and eventually your focus will shift to day-to-day operations and break/fix.
- Design, test, and deploy various security solutions for Quartet’s internal and external systems
- Implement effective methods in anomaly-based attack detection / prevention and attack surface reduction
- Automate the static code analysis (SCA) process to detect security vulnerabilities before code is deployed
- Promote secure coding practices within the application development teams
- Work on improvement of existing tools and development of new tools
Qualifications - Minimum
- 3+ years working as a Security Analyst, Security Engineer (or comparable role), preferably in an AWS environment
- You are adept at using scripting languages to automate tasks (Python, AWK, Nodejs)
- You understand modern web application architecture (MVC using React / Angular) and how to secure it (OWASP)
- Have a solid understanding of common networking protocols and operations engineering (specifically MacOS and popular Linux variants)
Qualifications - Preferred
- Familiarity with Open Source security tools (e.g. ELK stack) and common network services (LDAP, DNS, NTP, etc.)
- Familiarity with the following security domains: Incident Management/Forensics (primarily MacOS and Linux Ubuntu); Vulnerability Management (Tenable, Amazon Web-Services integrations); Application Security:Web-app security scanners (Burp Suite, Netsparker), Auditing code for vulnerabilities; Compliance (HIPAA, NIST 800-171, HITRUST)
- Knowledge of security standards, principles, techniques, and technologies (OWASP, ISO27001, NIST 800-53, Common Criteria TSPs etc.)
Employee Benefits for Quartet include: Unlimited vacation, volunteer opportunities, team events, mental healthcare coverage of 15 free therapy sessions + unlimited copay reimbursements, medical, dental + vision coverage, generous parental and military leave, commuter benefits, 401K, and stock option grants.
Want to know what Quartet life is like? Click here to meet our team.
Quartet is committed to building a diverse team and fostering an inclusive culture, and is proud to be an equal opportunity employer. We embrace and encourage our employees' differences in race, religion, color, national origin, gender, family status, sexual orientation, gender identity, gender expression, age, veteran status, disability, pregnancy, medical conditions, and other characteristics. Headhunters and recruitment agencies may not submit resumes/CVs through this Web site or directly to managers. Quartet does not accept unsolicited headhunter and agency resumes. Quartet will not pay fees to any third-party agency or company that does not have a signed agreement with Quartet.
Please note: Quartet interview requests and job offers only originate from quartethealth.com email addresses (e.g. firstname.lastname@example.org). Quartet will also never ask for bank information (e.g. account and routing number), social security numbers, passwords, or other sensitive information to be delivered via email. If you receive a scam email or wish to report a security issue involving Quartet, please notify us at: email@example.com
Have someone to refer? Email firstname.lastname@example.org to submit their details to us.