Senior Application Security Engineer
Remote
ABOUT THE ROLE:
As Rightway's first dedicated Application Security Engineer, you'll take a pivotal role in fortifying our healthcare navigation and pharmacy benefits management platforms. Your mission will be to secure our applications, enhancing the digital safety of our members and partners. You'll be pioneering security solutions for our B2B and B2C applications, dealing with intricate SAML and OAuth flows that support a seamless user experience. We deeply believe in mentorship and learning from each other, so you can expect to both guide and be guided on your journey with us!
WHAT YOU’LL DO:
- Lead the management of vulnerabilities for web and mobile applications, employing both conventional (SAST, SCA, DAST) and advanced (IAST, RASP) techniques.
- Analyze application code for vulnerabilities, both in native code and through invocation of third-party libraries, using tools such as Snyk and SonarQube.
- Spearhead the scoring and triage of vulnerabilities, applying context to CVSS scores and utilizing threat intelligence and other measures of exploitability (e.g., EPSS) to prioritize real risks over false positives.
- Integrate security practices and standards into the Secure Software Development Life Cycle (SDLC), promoting secure coding across development teams.
- Collaborate with development teams to provide guidance on secure coding practices and assist in remediating identified vulnerabilities.
- Offer expert guidance on identity management solutions including nuanced use of Auth0 and FusionAuth to broker complex SAML 2.0 and OAuth connections for B2B and B2C.
- Evaluate security postures of mobile applications, considering the unique security challenges of iOS/Android platforms.
- Partner closely with Product and Development Teams to drive Security by Design into formal processes, advising on application security from feature to delivery.
- Conduct threat modeling, manage risk, and shape technical designs.
- Develop and refine security testing methodologies.
- Ensure standardization of application logs and automate log analysis.
WHO YOU ARE:
- 10 years of experience, with at least 5 years in a dedicated Application Security Role.
- Maintains an application security certification such as GWEB, CASE, CSSLP, CASS, CEH.
- Proficient in backend languages, for example Ruby, Node.js, Java, C#.
- Possesses advanced knowledge of SAML 2.0, OAuth, OIDC flows at the protocol level.
- Has a deep understanding of the architecture of web/mobile applications from a security perspective, including front end, back end/API, authentication, and session management.
- An expert in OWASP Top 10 attack vectors and associated mitigations and remediations.
- Has operated in one or more regulated environments (e.g., healthcare, finance, education).
- Able to explain nuanced application and security concepts to diverse stakeholders.
- A proactive team player with a positive and collaborative approach, ready to take on independent challenges.
BASE SALARY: $148,000 - $190,000
CYBERSECURITY AWARENESS NOTICE
In response to ongoing and industry-wide fraudulent recruitment activities (i.e., job scams), Rightway wants to inform potential candidates that we will only contact them from the @rightwayhealthcare.com email domain. We will never ask for bank details or deposits of any kind as a condition of employment. If you have any questions about a suspicious interaction with Rightway, please feel free to reach out to us at hr@rightwayhealthcare.com.
ABOUT RIGHTWAY:
Rightway is on a mission to harmonize healthcare for everyone, everywhere. Our products guide patients to the best care and medications by inserting clinicians and pharmacists into a patient’s care journey through a modern, mobile app. Rightway is a front door to healthcare, giving patients the tools they need along with on-demand access to Rightway health guides, human experts that answer their questions and manage the frustrating parts of healthcare for them.
Since its founding in 2017, Rightway has raised over $130mm from investors including Khosla Ventures, Thrive Capital, and Tiger Global at a valuation of $1 billion. We’re headquartered in New York City, with a satellite office in Denver. Our clients rely on us to transform the healthcare experience, improve outcomes for their teams, and decrease their healthcare costs.
HOW WE LIVE OUR VALUES TO OUR TEAMMATES:
We’re seeking those with passion for healthcare and relentless devotion to our goal. We need team members who will:
- We are human first
Our humanity binds us together. We bring the same empathetic approach to every individual we engage with, whether it be our members, our clients, or each other. We are all worthy of respect and understanding and we engage in our interactions with care and intention. We honor our stories. We listen to—and hear—each other, we celebrate our differences and similarities, we are present for each other, and we strive for mutual understanding.
- We redefine what is possible
We always look beyond the obstacles in front of us to imagine new solutions. We approach our work with inspiration from other industries, other leaders, and other challenges. We use ingenuity and resourcefulness when faced with tough problems.
- We debate then commit
We believe that a spirit of open discourse is part of a healthy culture. We understand and appreciate different perspectives and we challenge our assumptions. When working toward a decision or a new solution, we actively listen to one another, approach it with a “yes, and” mentality, and assume positive intent. Once a decision is made, we align and champion it as one team.
- We cultivate grit
Changing healthcare doesn’t happen overnight. We reflect and learn from challenges and approach the future with a determination to strive for better. In the face of daunting situations, we value persistence. We embrace failure as a stepping stone to future success. On this journey, we seek to act with guts, resilience, initiative, and tenacity.
- We seek to delight
Healthcare is complicated and personal. We work tirelessly to meet the goals of our clients while also delivering the best experience to our members. We recognize that no matter the role or team, we each play a crucial part in our members’ care and take that responsibility seriously. When faced with an obstacle, we are kind, respectful, and solution-oriented in our approach. We hold ourselves accountable to our clients and our members’ success.
Rightway is a healthcare company looking to improve healthcare outcomes for everyone, everywhere. With that in mind, we have to consider what is good for the health of our team, the company, and the communities we operate in. As such, Rightway has determined a mandatory COVID-19 vaccination policy for all employees, in combination with other safety precautions, is the best way forward.
Rightway is PROUDLY an Equal Opportunity Employer that believes in strength in the diversity of thought processes, beliefs, background and education and fosters an inclusive culture where differences are celebrated to drive the best business decisions possible. We do not discriminate on any basis covered by appropriate law. All employment is decided on the consideration of merit, qualifications, need and performance.
Tags: Android, APIs, Application security, C, CEH, CVSS, DAST, Finance, IAST, iOS, Java, Log analysis, Node.js, OWASP, Ruby, SAML, SAST, SDLC, SonarQube, Threat intelligence, Vulnerabilities
Perks/benefits: Career development, Health care