Senior Security Engineer, Application Security

New York City, United States

Oscar

Oscar offers health insurance plans for individuals and families, and small businesses. Find a plan that's right for you.

View company page

Hi, we're Oscar. We're hiring a Senior Security Engineer, Application Security to join our Security team.

Oscar is the first health insurance company built around a full stack technology platform and a focus on serving our members. We started Oscar in 2012 to create the kind of health insurance company we would want for ourselves—one that behaves like a doctor in the family.

 

About the role

As a Senior Security Engineer, you will collaborate closely with cross-functional teams to proactively identify, address, and resolve security concerns across Oscar's comprehensive tech infrastructure, encompassing Web Applications, Mobile Apps, Networks, and Cloud systems. Your primary objective will be to safeguard classified information by thoroughly assessing and examining Oscar's applications and infrastructure by executing and documenting technical assessments based on esteemed industry standards (OWASP) and best practices, meticulously pinpointing security vulnerabilities within Oscar's owned assets. In addition, you will be responsible for presenting identified risks and providing guidance on best practices to prevent future vulnerabilities.

You will report to the Manager, Security Architecture.

 

Work Location

Oscar is a blended work culture where everyone, regardless of work type or location, feels connected to their teammates, our culture and our mission.

This is a hybrid role in our New York office (in Hudson Square).  You will be expected to come into the office at least two days each week and work-from-home on other days. #LI-Hybrid

 

Pay Transparency

The base pay for this role is: $144,000 - $189,000 per year. You are also eligible for employee benefits, participation in Oscar’s unlimited vacation program, company equity grants and annual performance bonuses.

 

Responsibilities

  • Collaborate closely with cross-functional teams to proactively identify, address, and resolve security concerns across Oscar's comprehensive tech infrastructure, encompassing Web Applications, Mobile Apps, Networks, and Cloud systems, including proposing enhanced controls and procedural strategies to mitigate technical risks 
  • Demonstrate an in-depth comprehension of Oscar's technological landscape
  • Collaborate effectively with Security Leadership, providing insights into technical issues and their potential impacts
  • Engage in multiple-layers of oscars Technology stack to design security measures around protecting Oscars systems
  • Simplify intricate security concerns into actionable steps for effective remediation or risk mitigation
  • Compliance with all applicable laws and regulations
  • Other duties as assigned

 

What you may work on

Some sample projects in this role may include:

  • Execute and meticulously document technical assessments based on esteemed industry standards (OWASP) and best practices, meticulously pinpointing security vulnerabilities within Oscar's owned assets. This includes conducting Threat Modeling, Architecture/Design Reviews, Application and Cloud Security Testing (Red Teaming), and Manual Vulnerability Assessments.
  • Spearhead internal workshops involving cross-functional teams to analyze outcomes from technical assessments, devising comprehensive plans to mitigate identified risks effectively.
  • Define robust hardening and secure design standards, leveraging them to conduct thorough application security reviews in collaboration with developer teams.

 

Qualifications

  • 3+ years experience in Technology related field 
  • 2+ years experience in Security

 

Bonus Points

  • Familiarity with industry standards and compliance frameworks (such as SOC, SOX., NIST,, HIPAA) and experience in ensuring organizational adherence to these standards.
  • Hands-on experience in developing Web/Mobile Applications.
  • Hands-on experience in evaluating Web Applications, Cloud Environments, Mobile Applications, and Network security.
  • Proficiency in industry-standard methodologies and frameworks for security testing (OWASP, OSSTM, PTES).
  • Proficient familiarity with AWS and GCP.
  • Experience utilizing containers and container orchestration technology (Mesos and Kubernetes).
  • Possession of industry-recognized certifications pertaining to application/offensive security (OSCP, OSCE, OSWP, OSWA, OSWE, CSSLP).
  • Experience in assessing containers for potential security vulnerabilities.
  • Experience Threat Modeling

This is an authentic Oscar Health job opportunity. Learn more about how you can safeguard yourself from recruitment fraud here

At Oscar, being an Equal Opportunity Employer means more than upholding discrimination-free hiring practices. It means that we cultivate an environment where people can be their most authentic selves and find both belonging and support. We're on a mission to change health care -- an experience made whole by our unique backgrounds and perspectives..

Pay Transparency: 

Final offer amounts, within the base pay set forth above, are determined by factors including your relevant skills, education, and experience.

Full-time employees are eligible for benefits including: medical, dental, and vision benefits, 11 paid holidays, paid sick time, paid parental leave, 401(k) plan participation, life and disability insurance, and paid wellness time and reimbursements.

Reasonable Accommodation:

Oscar applicants are considered solely based on their qualifications, without regard to applicant’s disability or need for accommodation. Any Oscar applicant who requires reasonable accommodations during the application process should contact the Oscar Benefits Team (accommodations@hioscar.com) to make the need for an accommodation known.

Apply now Apply later
  • Share this job via
  • or

Tags: Application security AWS Cloud Compliance Full stack GCP HIPAA Kubernetes Network security NIST Offensive security OSCE OSCP OSWE OSWP OWASP Red team SOC SOX Vulnerabilities

Perks/benefits: Equity Health care Home office stipend Insurance Medical leave Parental leave Salary bonus Transparency Unlimited paid time off

Region: North America
Country: United States
Job stats:  19  3  0

More jobs like this

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.