Application Security Engineer

September 4


Included Health

Included Health is a new kind of healthcare company, delivering integrated virtual care and navigation.

1001 - 5000

Description

• Security Integration: Embed security practices into the software development lifecycle, ensuring security is considered at every stage, and implemented as a self-service capability wherever feasible (shift-left).
• Automation: Develop and maintain automated security tools and scripts to identify and remediate security vulnerabilities in code and infrastructure.
• Code Review and Analysis: Perform security code reviews and static/dynamic analysis to identify vulnerabilities in applications written in JavaScript, Go, and Python.
• Collaboration: Work closely with Engineering and IT teams to promote security best practices and provide guidance on secure coding standards.
• Incident Response: Assist in the investigation and response to security incidents and vulnerabilities, providing technical expertise and recommendations.
• Continuous Improvement: Stay up-to-date with the latest security trends, vulnerabilities, and tools, and continuously improve the security posture of our applications and infrastructure.
• Documentation: Create and maintain comprehensive security documentation, including policies, procedures, and guidelines.
• Consultant: Act as a security consultant on secure software development practices, and provide hands-on training and coaching for Developers.

Requirements

• A bachelor’s degree in a related discipline or equivalent professional experience.
• At least 4 years acting in an Application Security Engineer role with progressive responsibility.
• Strong experience integrating and managing DAST, SAST or IAST, and SCA tools and how these feed into Vulnerability Management initiatives.
• Understanding of how scanning tools, penetration tests, and post-deploy scanning tools work together in the application security lifecycle.
• Deep, hands-on experience implementing AppSec tools into a DevOps pipeline.
• Solid understanding of application security issues, risks, and mitigation strategies.
• Experience developing and refining Secure SDLC documents and processes.
• Experience building and leading Information Security training focused on developers and based on OWASP principles.
• Experience assessing and securing open-sourced software components.
• Strong interpersonal verbal and written communications skills with proven experience of collaboration across different engineering areas.
• Deep knowledge of containers and orchestrators, and hands-on experience with securing and monitoring CI/CD pipelines.
• Understanding of Go, Python, Java, JavaScript code, and their common security flaws.
• Hands-on experience with Terraform is a plus.
• Experience with low-code automation tools (XSOAR, Tines, etc.) is a plus.
• Professional certification is a plus (OSCP, SANS, CISSP or similar).
