The Security Engineer helps design, build, deploy, and maintain secure systems. The Security Engineer develops security protocols for Information Systems and projects while troubleshooting any technical problems that may arise, to include detection and prevention of information security threats to the organizations Information Systems. The Security Engineer supports both tactical and strategic relationships within the Information Services Department, technology and contracting vendors, suppliers, and internal and external business clients.
Lead security architecture/design analysis and reviews of web, mobile, and desktop applications with development teams and other stakeholders throughout the company.
Identify and complete targeted exploit testing through white-box testing to identify system flaws and vulnerabilities which may include developing scripts or other tools as required.
Collaborate with scrum teams as it relates to threat modeling, design review, secure coding practices, static and dynamic analysis, web application scanning, etc.
Collaborate with colleagues on authentication, authorization, and encryption solutions.
Maintain data and monitor security access to Information Systems.
Evaluate new technologies and processes that enhance security capabilities and test security solutions using industry standard analysis criteria.
When appropriate, suggest new methods to solve existing production security issues.
Perform vulnerability testing, risk analyses and security assessments on the organizations current security measures.
Plan, implement, and upgrade security measures and controls when necessary.
Anticipate security alerts, incidents and disasters in an effort to reduce the likelihood of such event(s).
Manage network, intrusion detection and prevention system by conducting internal/external security audits.
Investigate intrusion incidents, conduct forensic investigations and mount incident responses.
Analyze security breaches to determine their root cause and recommend and install appropriate tools and countermeasures when approved.
Define, implement, and maintain corporate security policies and train employees on security awareness.
Participate in changes in software, hardware, facilities, telecommunications and user needs when appropriate.
Perform other duties and special projects as assigned.
Bachelors Degree in Information Security, Computer Science, or Information Technology.
5 years experience working in various aspects of application security, such as security architecture analysis and design reviews, threat modeling, or web application vulnerabilities assessment, API, WAF, etc.
Information Security Certifications such as GWAPT/GSEC/GCIH/GCIA, CEH, ECSA, or CISSP strongly desired.
Must have strong working knowledge of container security, authentication systems, CI/CD workflows, and Event Management and monitoring (SIEM).
Must have hands on experience building Application Security programs from scratch using Open Source tools and resources such as OWASP.
Must have hands on scripting skills using Python or any other scripting language to automate tasks.
Must have demonstrated knowledge of secure coding practices.
Experience working on single page applications and ColdFusion is a plus.
Experience in a DevSecOps environment is a plus.
Experience in an agile environment is a plus.
Previous experience working in the health care industry; preferably HMO, is a plus.
Proficient computer skills, including electronic mail, routine database activity, word processing, spreadsheet, graphics, etc.
Must be able to speak, read, write, and understand the primary language(s) used in the workplace.
Application Security, SIEM, authentication