Senior Security Engineer
Remote - US
Posted 1 month ago
Clover is reinventing health insurance by working to keep people healthier.
We value diversity — in backgrounds and in experiences. Healthcare is a universal concern, and we need people from all backgrounds and swaths of life to help build the future of healthcare. Clover's Security & Solutions Engineering team is empathetic, caring, and supportive. We are deliberate and self-reflective about the kind of engineering team and culture that we are building, seeking engineers that are not only strong in their own aptitudes but care deeply about supporting each other's growth.
We are looking for a Senior Security Engineer with application security and web application development experience along with leadership skills. In this position, you will act as the lead application security engineer and should possess a deep understanding of the OWASP Top 10, CWE 25, Data Protection, Access management software vulnerabilities and best practices, as well as design and threat modeling knowledge. You should be excited to work in a dynamic environment where you will work with developers in producing secure code in short time frames and are willing to go beyond the standard routine.
As a Senior Security Engineer, you will:
- Work as part of a team of software and security engineers to aid in designing, maintaining, and building best-in-class product security tools and services.
- Act as the technical point of contact for product teams as it relates to automation, CI/CD, and Product Application security operations.
- Build tools and automation scripts that help enable engineering teams to easily consume security services.
- Be responsible for security product recommendations, QA, and Testing.
- Build trusting relationships with product development teams.
- Improve the accessibility of security through all available means.
- Understand existing processes and identify how to improve and streamline them in order to improve team efficiency and effectiveness.
- Configure security systems, analyze security requirements, and recommend improvements for existing projects.
- Perform vulnerability and penetration testing, helping to identify and defend against threats.
- Ensure that the company knows as much as possible, as quickly as possible about security incidents in products and services.
- Write comprehensive reports including assessment-based findings, outcomes and suggestions for further system security enhancement.
- Consult with peers, management, and executives about the best security practices and provide technical advice.
- Prepare and document standard operating procedures.
- Assist in other security-related duties and functions across the organization as needed.
You will love this job if:
- You enjoy a fast-paced and challenging environment where you will have the ability to directly impact company goals and objectives via your contributions to securing the organization.
- You strive to promote security-centric approaches to all aspects of an organization.
- You enjoy working in a cloud-based infrastructure and company environment.
- You have the ability to effectively present and communicate security threats and risks to ANY audience and impress upon them the mitigation techniques and strategies.
- You have strong problem solving and analytical skills; you are able to quickly digest any issue/problem encountered and can recommend an appropriate solution.
- You are able to identify the root cause of issues and drive solutions from identification through research, remedy and completion, and are able to negotiate and bring consensus to diverse priorities of product development and solution teams.
You should get in touch if:
- You have 5+ years of experience in Web Application Security, Secure SDLC and Threat Modeling.
- You have a strong understanding of web applications, web servers, layer 7 application technologies, frameworks and protocols with respect to application development and deployment.
- You are well versed in web application design, penetration testing, application risk assessment and risk categorization.
- You have had previous success in implementing effective Secure SDLC frameworks across a large corporation.
- You have experience in managing application security testing tools including SAST, DAST and Open Source Vulnerability Scanning.
- You are familiar with waterfall and agile development processes and have experience integrating secure development practices into both models.
Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records. We are an E-Verify company.
About Clover: We are reinventing health insurance by combining the power of data with human empathy to keep our members healthier. We believe the healthcare system is broken, so we've created custom software and analytics to empower our clinical staff to intervene and provide personalized care to the people who need it most.
We always put our members first, and our success as a team is measured by the quality of life of the people we serve. Those who work at Clover are passionate and mission-driven individuals with diverse areas of expertise, working together to solve the most complicated problem in the world: healthcare.
From Clover’s inception, Diversity & Inclusion have always been key to our success. We are an Equal Opportunity Employer and our employees are people with different strengths, experiences and backgrounds, who share a passion for improving people's lives. Diversity not only includes race and gender identity, but also age, disability status, veteran status, sexual orientation, religion and many other parts of one’s identity. All of our employees’ points of view are key to our success, and inclusion is everyone's responsibility.