Employment Type: Full time
Description:
ABILITY TO WORK 100% REMOTE.
The primary responsibility of an Application Security Engineer is to spearhead and execute code reviews leveraging state-of-the-art automated tools. This role will include collaborative relationships with the Red Team and Development teams, in addition to the deployment and oversight of automated security solutions. The position involves supporting internal development teams by pinpointing security vulnerabilities within software, advising on security best practices, and overseeing the risk mitigation process. Designed for a professional with a deep-rooted passion for enhancing cybersecurity, this role focuses on identifying and addressing software risks to forge a safer digital environment. The ideal candidate is committed to ongoing personal and professional growth and possesses the ability to collaborate effectively with development teams, contributing to the advancement of software quality and security within the healthcare sector.
Essential Functions:
- Knows, understands, incorporates, and demonstrates the Trinity Health (TH) Mission, Vision and Values in behaviors, practices, and decisions.
- Maintains a working knowledge of applicable Federal, State, and local laws and regulations, Trinity Health’s Integrity and Compliance Program and Code of Conduct, as well as other policies and procedures to ensure adherence in a manner that reflects honest, ethical, and professional behavior.
- Works directly with the business and application development team representatives to embed application security processes, tools, and techniques that support development teams in their preferred style of working.
- Leads and executes detailed code reviews using automated tools such as HPE Fortify, Veracode, Snyk, and Checkmarx, focusing on identifying security vulnerabilities, code inefficiencies, and compliance with coding standards.
- Works as a peer with software developers to understand code structure and logic for identified vulnerabilities needing assistance, providing constructive feedback and guidance on improving code quality and security.
- Maintains and builds deep expertise in application security, development practices, and techniques, and applies this knowledge to maximize effectiveness in code analysis.
- Assists in developing and updating secure coding guidelines and standards, and ensures these standards are effectively communicated to and followed by the development teams.
- Helps deliver training sessions for development teams on the use of automated code review tools and on secure coding best practices.
- Assesses and enhances the code review process and tooling, staying current with the latest trends and advancements in automated code analysis technologies.
- Documents code review processes and findings, prepares detailed reports on code review outcomes highlighting potential risks and recommendations for improvement, and develops monthly metrics on the progress of the program.
- Aids in accomplishing any additional tasks assigned by leadership.
- Pay range: $101,551.94 - $167,560.71
Minimum Qualifications:
- Bachelor’s degree in Computer Science, Information Technology, Information Security, or related field, or equivalent practical experience.
- Minimum of 3 years of experience in any of the following disciplines:
- Software Development
- Quality Assurance
- Build Engineering
- Site Reliability Engineering
- DevOps Engineering
- Experience in using automated code tooling related to building or deploying code to operational environments.
- Exposure to and/or experience with various security testing techniques such as manual code review, dynamic application security testing (DAST), static application security testing (SAST), software composition analysis (SCA), and penetration testing.
- Solid understanding of software development life cycle, coding standards, and software security principles.
- Familiarity with reading and using a variety of programming languages and frameworks.
- Familiarity with application security concepts such as injection attacks, cross-site scripting, cross-site request forgery, and others.
- Strong analytical skills, highly motivated, and exacting attention to detail.
- Excellent communication and teamwork skills.
- Must possess a personal presence that is characterized by a sense of honesty, integrity, and caring with the ability to inspire and motivate others to promote the philosophy, mission, vision, goals, and values of Trinity Health.
Preferred Qualifications:
- Experience in administering automated code review tools.
- Advanced experience with various security testing techniques such as manual code review, dynamic application security testing (DAST), static application security testing (SAST), software composition analysis (SCA), and penetration testing.
- Ability to employ modern technical practices, including API integration and advanced data manipulation, to solve abstract security problems, and to go beyond conventional methods such as spreadsheets when modeling threats, vulnerabilities, and mitigations in applications.
- Competency-focused certifications such as OSWE (OffSec Web Expert), OSWA (OffSec Web Assessor), CSSLP (Certified Secure Software Lifecycle Professional), CASE (Certified Application Security Engineer), and OSCP (OffSec Certified Professional) are highly desired.
- Deep knowledge and experience utilizing and referencing testing frameworks and web application security frameworks from organizations such as OWASP.
- Experience in training or mentoring developers on coding practices.
Our Commitment to Diversity and Inclusion
Trinity Health is one of the largest not-for-profit, Catholic healthcare systems in the nation. Built on the foundation of our Mission and Core Values, we integrate diversity, equity, and inclusion in all that we do. Our colleagues have different lived experiences, customs, abilities, and talents. Together, we become our best selves. A diverse and inclusive workforce provides the most accessible and equitable care for those we serve. Trinity Health is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other status protected by law.