Application Security Engineer
Overland Park, Kansas, United States
Applications have closed
WellSky
WellSky® offers health care software solutions for every kind of care including home health, hospice, blood management, and more.
WellSky is seeking an Application Security Engineer.
The Application Security Engineer is primarily responsible for embedding security into the day-to-day activities of our software engineering teams. The Application Security Engineer conducts web application security assessments, automated security testing and code review as part of the software development lifecycle, and works with Product Management, Engineering, and Quality Assurance to perform application penetration tests, automated vulnerability assessment scans, risk assessments, and code reviews. The role is tasked with identifying and reporting on vulnerabilities in applications developed by WellSky and their supporting infrastructure, and with researching threats and attack vectors that impact web, enterprise and mobile applications. With a focus on turning vulnerabilities into actionable opportunities to improve the security posture of our products and systems, the Application Security Engineer will also assist the Product Engineering and IT teams in their remediation efforts.
A day in the life?
You will be responsible for:
- Conduct audits of existing application code and recommend industry best practices in the area, and analyze multiple instances of vulnerability patterns that can be traced to single root causes to eliminate existing risks
- Developing and updating security patterns aligned with security requirements
- Participate in security design reviews, code auditing, security assessments on both internal and external software
- Help to develop, collect and report on metrics to measure the success of the application security program, including quantitative metrics, reporting, and analysis. Automate monthly reporting for application scanning results
- Provide guidance to Product Engineering on security testing (submitting scans, analyzing scan results, remediation advice on secure coding techniques, etc.) including hands-on operational tasks as needed
- Ensure existing application security controls in place are adequate or identify those that require improvement.
- Support application security initiatives to ensure the software applications do not pose information risk to the company.
- Build tools, processes, and training that help engineers eliminate bug classes
- Consult with and develop training for Product Engineering to help them to develop secure software
- Ensure 3rd party software and development meet our security standards
- Participate in tasks to define and review our application development related security policies and standards
- Assist with the incident response procedures, including identifying, investigating, and helping resolve security incidents
- Integrate Static and Dynamic Application Security Testing and reporting into the SDLC to ensure that new applications or applications undergoing a major change are assessed for vulnerabilities prior to production implementation.
- Assist teams with their implementation of automated security testing into the CI/CD pipeline with security scanning tools
- Monitor and upgrade scanning tools
Do you have what it takes?
Required Experience:
- 3+ years of professional development or application security experience
- Able to translate business requests and problem management cases into actionable work efforts
- Strong knowledge of secure development and secure architecture
- Understanding of application architectures, particularly .NET web applications, Amazon Web Services and common security problems in them
- Strong verbal, written, and interpersonal skills; a team player who is comfortable collaborating with a range of partners and stakeholders including compliance, legal, operational excellence, privacy, risk oversight, and many other partners to influence and promote best information security and information technology practices throughout the enterprise
- Demonstrated analytical and problem-solving abilities to identify and remediate security risks
- Self-motivated and able to deal with multiple projects
- Develop a culture of in-depth understanding as to why security testing is required at both business and internal team level
Job Competencies:
- Expertise in web application assessment using SAST and DAST tools such as Checkmarx, Veracode, Burp Suite, OWASP Zed Attack Proxy, Nessus, Nexpose, and open source tools
- Ability to conduct penetration testing/application vulnerability testing, with skill in creating new exploits for pen testing tools
- Experience in security assessment against OWASP and other standards
- Expert knowledge of current and emerging threats and industry frameworks for vulnerability analysis and reporting
- Proven ability to adjust quickly to shifting priorities, multiple demands, ambiguity and rapid change
Do you stand above the rest?
Preferred Experience:
- Bachelor’s Degree in computer science or information security/systems or equivalent experience in lieu of a degree required
- Hands-on experience in a health care/HIPAA environment, or equivalent demonstration of similar regulatory controls and processes
- Experience with Agile, Scrum and/or Kanban a plus
- Ability to explain vulnerabilities and weaknesses, and discuss effective defensive techniques to non-experts
- Interest in all aspects of security research and development
- CSSLP, GWAPT, CEH, or other applicable certifications
- JavaScript, C++, C#
- Self-motivated individual who can combine exceptional problem-resolution and critical thinking skills with an ability to apply a business lens to recommendations
- Collaborative and team-oriented approach to solving business problems
About WellSky
WellSky is a leading supplier of software and services solutions that help acute, post-acute, and human service providers improve efficiency, support business growth, and provide intelligent care to patients and people in need. WellSky is headquartered in Overland Park, KS with 1,800 teammates across the U.S., Canada, and the U.K. WellSky serves more than 20,000 client sites around the world, including the largest hospital systems, blood banks and labs, in-home care agencies, post-acute care facilities, government agencies, and human services organizations. WellSky's software and services address the continuum of health and social care, helping businesses, organizations, and communities solve tough challenges, improve collaboration for growth, and achieve better outcomes through predictive insights that only WellSky solutions can provide. Informed by 40 years of providing software and expertise, WellSky anticipates providers' needs and innovates relentlessly to help people thrive. Our purpose is to empower care heroes with technology for good, so that together, we can realize care's potential and maintain a healthy, flourishing world.
We're looking for talented individuals who want to use their skills to build a strong, technology-driven company. We offer competitive salaries, great benefits, a new Health Savings Account with a generous employer contribution and a casual and fun environment that encourages quality, creativity and excellence. Enjoy all we have to offer. We invite you to join us. Apply today!
WellSky provides equal employment opportunities to all people without regard to race, color, national origin, ancestry, citizenship, age, religion, gender, sex, sexual orientation, gender identity, gender expression, marital status, pregnancy, physical or mental disability, protected medical condition, genetic information, military service, veteran status, or any other status or characteristic protected by law. WellSky is proud to be a drug-free workplace.
Applicants for U.S. based positions with WellSky must be legally authorized to work in the United States. Verification of employment eligibility will be required at the time of hire. Visa sponsorship is not available for this position.
Tags: Agile Application security Audits Burp Suite C CEH Checkmarx CI/CD Compliance Computer Science DAST Exploits GWAPT HIPAA Incident response JavaScript Kanban Nessus Open Source OWASP Pentesting Privacy SAST Scrum SDLC Security assessment Veracode Vulnerabilities
Perks/benefits: Career development Health care