Application Security Engineer
Overland Park, Kansas, United States
WellSky is seeking an Application Security Engineer.
The Application Security Engineer is primarily responsible for embedding security into the day-to-day activities of our software engineering teams. The Application Security Engineer conducts web application security assessments, automated security testing and code review as part of the software development lifecycle, and works with Product Management, Engineering, and Quality Assurance to perform application penetration tests, automated vulnerability assessment scans, risk assessments, and code reviews. The role is tasked with identifying and reporting on vulnerabilities in applications developed by WellSky and their supporting infrastructure, and with researching threats and attack vectors that impact web, enterprise and mobile applications. With a focus on turning vulnerabilities into actionable opportunities to improve the security posture of our products and systems, the Application Security Engineer will also assist the Product Engineering and IT teams in remediation efforts.
A day in the life?
You will be responsible for:
- Conduct audits of existing application code and recommend industry best practices, and analyze multiple instances of vulnerability patterns that can be traced to single root causes to eliminate existing risks
- Developing and updating security patterns aligned with security requirements
- Participate in security design reviews, code auditing, security assessments on both internal and external software
- Help to develop, collect and report on metrics to measure the success of the application security program, including quantitative metrics, reporting, and analysis. Automate monthly reporting for application scanning results
- Provide guidance to Product Engineering on security testing (submitting scans, analyzing scan results, remediation advice on secure coding techniques, etc.) including hands-on operational tasks as needed
- Ensure existing application security controls in place are adequate or identify those that require improvement.
- Support application security initiatives to ensure the software applications do not pose information risk to the company.
- Build tools, processes, and training that help engineers eliminate bug classes
- Consult with and develop training for Product Engineering to help them to develop secure software
- Ensure 3rd party software and development meet our security standards
- Participate in tasks to define and review our application development related security policies and standards
- Assist with the incident response procedures, including identifying, investigating, and helping resolve security incidents
- Integrate Static and Dynamic Application Security Testing and reporting into the SDLC to ensure that new applications or applications undergoing a major change are assessed for vulnerabilities prior to production implementation.
- Assist teams with their implementation of automated security testing into the CI/CD pipeline with security scanning tools
- Monitor and upgrade scanning tools
Do you have what it takes?
- 3+ years of professional development or application security experience
- Able to translate business requests and problem management cases into actionable work efforts
- Strong knowledge of secure development and secure architecture
- Understanding of application architectures, particularly .NET web applications, Amazon Web Services and common security problems in them
- Strong verbal, written, and interpersonal skills; a team player who is comfortable collaborating with a range of partners and stakeholders including compliance, legal, operational excellence, privacy, risk oversight, and many other partners to influence and promote best information security and information technology throughout the enterprise.
- Demonstrated analytical and problem-solving abilities to identify and remediate security risks
- Self-motivated and able to deal with multiple projects.
- Develop a culture of in-depth understanding as to why security testing is required at both business and internal team level
- Expertise in web application assessment using SAST and DAST tools such as Checkmarx, Veracode, Burp Suite, OWASP Zed Attack Proxy, Nessus, Nexpose, and open source tools.
- Ability to conduct penetration testing/application vulnerability testing, with skill in creating new exploits for pen testing tools.
- Experience in security assessment against OWASP and other standards
- Expert knowledge of current and emerging threats and industry frameworks for vulnerability analysis and reporting
- Proven ability to adjust quickly to shifting priorities, multiple demands, ambiguity and rapid change
Do you stand above the rest?
- Bachelor’s Degree in computer science or information security/systems or equivalent experience in lieu of a degree required
- Hands-on experience in a health care/HIPAA environment, or equivalent demonstration of similar regulatory controls and processes
- Experience with Agile, Scrum and/or Kanban a plus
- Ability to explain vulnerabilities and weaknesses, and discuss effective defensive techniques to non-experts
- Interest in all aspects of security research and development
- CSSLP, GWAPT, CEH, or other applicable certifications
- Self-motivated individual who can combine exceptional problem-resolution and critical thinking skills with an ability to apply a business lens to recommendations
- Collaborative and team-oriented approach to solving business problems
WellSky is a leading supplier of software and services solutions that help acute, post-acute, and human service providers improve efficiency, support business growth, and provide intelligent care to patients and people in need. WellSky is headquartered in Overland Park, KS with 1,800 teammates across the U.S., Canada, and the U.K. WellSky serves more than 20,000 client sites around the world - including the largest hospital systems, blood banks and labs, in-home care agencies, post-acute care facilities, government agencies, and human services organizations. WellSky's software and services address the continuum of health and social care - helping businesses, organizations, and communities solve tough challenges, improve collaboration for growth, and achieve better outcomes through predictive insights that only WellSky solutions can provide. Informed by 40 years of providing software and expertise, WellSky anticipates providers' needs and innovates relentlessly to help people thrive. Our purpose is to empower care heroes with technology for good, so that together, we can realize care's potential and maintain a healthy, flourishing world.
We're looking for talented individuals who want to use their skills to build a strong, technology-driven company. We offer competitive salaries, great benefits, a new Health Savings Account with a generous employer contribution and a casual and fun environment that encourages quality, creativity and excellence. Enjoy all we have to offer. We invite you to join us. Apply today!
WellSky provides equal employment opportunities to all people without regard to race, color, national origin, ancestry, citizenship, age, religion, gender, sex, sexual orientation, gender identity, gender expression, marital status, pregnancy, physical or mental disability, protected medical condition, genetic information, military service, veteran status, or any other status or characteristic protected by law. WellSky is proud to be a drug-free workplace.
Applicants for U.S. based positions with WellSky must be legally authorized to work in the United States. Verification of employment eligibility will be required at the time of hire. Visa sponsorship is not available for this position.