Senior Security Engineer, Application Security

Hi, we're Oscar. We're hiring a Senior Security Engineer, Application Security to join our Security team.

Oscar is the first health insurance company built around a full stack technology platform and a focus on serving our members. We started Oscar in 2012 to create the kind of health insurance company we would want for ourselves—one that behaves like a doctor in the family.

About the role

As a Senior Security Engineer, you will collaborate closely with cross-functional teams to proactively identify, address, and resolve security concerns across Oscar's comprehensive tech infrastructure, encompassing Web Applications, Mobile Apps, Networks, and Cloud systems. Your primary objective will be to safeguard classified information by thoroughly assessing and examining Oscar's applications and infrastructure by executing and documenting technical assessments based on esteemed industry standards (OWASP) and best practices, meticulously pinpointing security vulnerabilities within Oscar's owned assets. In addition, you will be responsible for presenting identified risks and providing guidance on best practices to prevent future vulnerabilities.

You will report to the Manager, Security Architecture.

Work Location

Oscar is a blended work culture where everyone, regardless of work type or location, feels connected to their teammates, our culture and our mission.

This is a hybrid role in our New York office (in Hudson Square).  You will be expected to come into the office at least two days each week and work-from-home on other days. #LI-Hybrid

Pay Transparency

The base pay for this role is: $144,000 - $189,000 per year. You are also eligible for employee benefits, participation in Oscar’s unlimited vacation program, company equity grants and annual performance bonuses.

Responsibilities

• Collaborate closely with cross-functional teams to proactively identify, address, and resolve security concerns across Oscar's comprehensive tech infrastructure, encompassing Web Applications, Mobile Apps, Networks, and Cloud systems, including proposing enhanced controls and procedural strategies to mitigate technical risks 
• Demonstrate an in-depth comprehension of Oscar's technological landscape
• Collaborate effectively with Security Leadership, providing insights into technical issues and their potential impacts
• Engage in multiple-layers of oscars Technology stack to design security measures around protecting Oscars systems
• Simplify intricate security concerns into actionable steps for effective remediation or risk mitigation
• Compliance with all applicable laws and regulations
• Other duties as assigned

What you may work on

Some sample projects in this role may include:

• Execute and meticulously document technical assessments based on esteemed industry standards (OWASP) and best practices, meticulously pinpointing security vulnerabilities within Oscar's owned assets. This includes conducting Threat Modeling, Architecture/Design Reviews, Application and Cloud Security Testing (Red Teaming), and Manual Vulnerability Assessments.
• Spearhead internal workshops involving cross-functional teams to analyze outcomes from technical assessments, devising comprehensive plans to mitigate identified risks effectively.
• Define robust hardening and secure design standards, leveraging them to conduct thorough application security reviews in collaboration with developer teams.

Qualifications

• 3+ years experience in Technology related field 
• 2+ years experience in Security

Bonus Points

• Familiarity with industry standards and compliance frameworks (such as SOC, SOX., NIST,, HIPAA) and experience in ensuring organizational adherence to these standards.
• Hands-on experience in developing Web/Mobile Applications.
• Hands-on experience in evaluating Web Applications, Cloud Environments, Mobile Applications, and Network security.
• Proficiency in industry-standard methodologies and frameworks for security testing (OWASP, OSSTM, PTES).
• Proficient familiarity with AWS and GCP.
• Experience utilizing containers and container orchestration technology (Mesos and Kubernetes).
• Possession of industry-recognized certifications pertaining to application/offensive security (OSCP, OSCE, OSWP, OSWA, OSWE, CSSLP).
• Experience in assessing containers for potential security vulnerabilities.
• Experience Threat Modeling

This is an authentic Oscar Health job opportunity. Learn more about how you can safeguard yourself from recruitment fraud here. 

At Oscar, being an Equal Opportunity Employer means more than upholding discrimination-free hiring practices. It means that we cultivate an environment where people can be their most authentic selves and find both belonging and support. We're on a mission to change health care -- an experience made whole by our unique backgrounds and perspectives..

Pay Transparency: 

Final offer amounts, within the base pay set forth above, are determined by factors including your relevant skills, education, and experience.

Full-time employees are eligible for benefits including: medical, dental, and vision benefits, 11 paid holidays, paid sick time, paid parental leave, 401(k) plan participation, life and disability insurance, and paid wellness time and reimbursements.

Reasonable Accommodation:

Oscar applicants are considered solely based on their qualifications, without regard to applicant’s disability or need for accommodation. Any Oscar applicant who requires reasonable accommodations during the application process should contact the Oscar Benefits Team (accommodations@hioscar.com) to make the need for an accommodation known.