Job Summary:
The Senior Application Security Engineer is primarily responsible for ensuring our applications, infrastructure and data remain secure. The Senior Application Security Engineer will work with the Director, Technology Operations to drive security across our product, development, and operations teams. The Senior Application Security Engineer will ensure that we are practicing proper security hygiene, staying ahead of the security landscape, and working with security vendors where required. The Senior Application Security Engineer will report on KPIs to measure our current security posture and derive ways to improve.
All activities must be in compliance with Equal Employment Opportunity laws, HIPAA, ERISA, and other regulations, as appropriate.
Essential Functions: In addition to working in accordance with appropriate conduct and behavioral standards, specific responsibilities of this role include:
Automate and manage SAST, DAST, IAST and SCA across our portfolio of products
Integrate security into the SDLC, including threat modeling, development standards, standardized processes, etc.
Create & execute on penetration test plans
Perform security reviews on new product designs
Train and educate on security principles and best practices
Evaluate and implement new security products and solutions
Provide remediation guidance and oversight to discovered vulnerabilities
Communicate with all levels of the organization, often balancing competing priorities
Perform research on emerging cybersecurity vulnerabilities and ensure we remain secure
Collect and report on KPIs to ensure we maintain our security hygiene
Participate in 24/7 on-call rotation for security event response
Lead and coordinate projects independently
Demonstrate a degree of knowledge throughout all Nextech products and technologies
Carry out additional responsibilities as assigned based on business need
Requirements:
CISSP or comparable certification
5+ years of experience in application security or cybersecurity roles
Experience and understanding of application and infrastructure security standards and best practices
Experience in security hardening in a public cloud environment (Azure) at a SaaS company
Proficient in at least one modern programming language, such as C#, Java, C++, Python or TypeScript, used in the development of software solutions
Willingness to participate in 24x7 incident response
Preferred Qualifications:
Knowledge of cloud architectures and solutions
Previous experience working in healthcare with an understanding of HIPAA
Hold an Offensive Security Certified Professional (OSCP) certification
Familiarity with security frameworks such as OWASP (including Mobile), NIST CSF, NIST SP 800-x, COBIT, ISO 27001 and PCI DSS
Working experience with the NIST Common Vulnerability Scoring System (CVSS) and a threat modeling framework such as STRIDE or PASTA