American Specialty Health

Application Security Engineer II (Remote)

American Specialty Health$89K — $120K *
US-AnywhereRemote in United States
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's Degree in IT or relevant work experience required (High school diploma for equivalent experience).
  • 5 years of experience in software development with a security focus or security administration.
  • High proficiency in programming/scripting across languages for automation purposes.
  • In-depth knowledge of web application vulnerabilities, OWASP recommendations, and mitigation strategies.
  • Experience with end-to-end application testing including API and database security.

Responsibilities

  • Perform daily information security functions to safeguard the company.
  • Assist in documenting improvements and automations in security solutions alongside DevSecOps activities.
  • Serve as the product owner for at least one application security product.
  • Coordinate security remediation efforts across different ASH teams.
  • Act as a point of contact for scrum teams regarding vulnerabilities and remediation options.
  • Update documentation for technical controls and processes.
  • Participate in incident response and security testing activities.

Benefits

  • Work-from-home opportunities with company-provided equipment.
  • Flexible remote work arrangements during training and beyond.
  • Stable work environment with a focus on cyber security threats and regulatory compliance.
Full Job Description
Description

American Specialty Health Incorporated (ASH) is seeking an Application Security Engineer II to join our Information Security department.

The primary purpose of this position is to protect and defend the information security posture and information assets from cyber security threats; maintain strong regulatory compliance; and reduce cyber risks to the organization.

Salary Range

  • American Specialty Health complies with state and federal wage and hour laws and compensation depends upon candidate's qualifications, education, skill set, years of experience, and internal equity. $89,300 to $120,000 Full-Time Annual Salary Range.


Remote Worker Guidelines
  • Remote Worker Guidelines: This position will be trained remotely and must be able to work from home (WFH) in a designated work area with company-provided technology equipment. This WFH position requires you have a stable connection to your Internet Service Provider with the ability to participate by video in online meetings over a reliable and consistent network. The internet connection must have a consistent 50 down/10 up Mbps minimum internet speed. 100 down/20 up is recommended to support higher quality video meetings.


Responsibilities
  • Performs day-to-day information security functions.
    • Assist with documentation of improvements (including automation) of information security solutions in concert with DevSecOps activities.
    • Deploy and/or serve as product owner for at least one of the products within the app security stack.
    • Assist with administration of security-related systems including but not limited to: Security and compliance testing software, web application firewalls, open source software, attack simulation, and vulnerability management.
    • Assist with coordination of security issue and remediation efforts between different ASH scrum teams.
    • Act as point of contact for ASH scrum teams to inquire about vulnerabilities and options for remediation.
    • Maintains updated documentation of technical controls, processes and procedures.
    • Participates in incident response, security testing, penetration testing and red teaming roles.
    • Researches and communicates the latest trends in information security and threat environments.
    • Availability for after hours work and occasional travel required.
  • Performs other duties as assigned.
  • Complies with all policies and standards.


Qualifications
  • Bachelor's Degree in IT related field or relevant work experience. If equivalent experience, high school diploma required.
  • 5 years in software development with security focus, systems/software security testing, and/or security administration required.
  • Ability to program/script automations across languages and platforms, including consumption and processing of common API results. (High proficiency)
  • Ability to provide security guidance and implementation steps to software development teams with little oversight from a security supervisor. (Medium proficiency)
  • Experience implementing security technologies and solutions within the application security suite of products. (Medium proficiency)
  • In depth knowledge of web application vulnerabilities, OWASP recommendations, and mitigation strategies. (High proficiency)
  • Understanding of network and Software Architectures and design. (Medium proficiency)
  • Knowledge of proxies such as Burpsuite, or zap for manual validation of application security findings. (High proficiency)
  • Experience with end to end of application testing including API, logic flows, database, graphql, windows networks and resources, linux applications, and azure cloud. (High proficiency)
  • Knowledge of Static Code analysis tools and their limitations, pipeline integrations, actions. (High proficiency)
  • Familiar with WAF technology setups and common limitations. Runtime Protection concept and implementation. (Medium proficiency)


Core Competencies
  • Demonstrated ability to interact in a positive, respectful manner and establish and maintain cooperative working relationships.
  • Ability to display excellent customer service to meet the needs and expectations of both internal and external customers.
  • Excellent listening and interpersonal communication skills to identify critical core competencies based on success factors and organizational environment.
  • Ability to effectively organize, prioritize, multi-task and manage time.
  • Demonstrated accuracy and productivity in a changing environment with constant interruptions.
  • Demonstrated ability to analyze information, problems, issues, situations, and procedures to develop effective solutions.
  • Ability to exercise strict confidentiality in all matters.


Mobility
  • Primarily sedentary, able to sit for long periods of time.


Physical Requirements
  • Ability to see, speak, and hear other personnel and/or objects. Ability to communicate both in verbal and written form. Ability to travel within and around the facility or Work from Home (WFH) environment. Capable of using a telephone, computer keyboard, and mouse. Ability to lift up to 10 lbs.


Environmental Conditions
  • Work-from-home (WFH) environment.


#LI-Remote #InfoSec #Engineer #Security #Information #OWASP

About American Specialty Health

American Specialty Health Incorporated (ASH) is a national health services organization that provides fitness, exercise and healthy aging programs such as Silver&Fit, FitnessCoach, Active&Fit, ExerciseRewards and others. ASH is headquartered in Carmel, Indiana and has offices in San Diego, California and Columbia, South Carolina. ASH is committed to improving the health of its members and reducing healthcare costs through its fitness and wellness programs. ASH has been recognized as one of the Best Places to Work in San Diego and Indiana.
Learn more about American Specialty Health
Size
1,500 employees
Industry
Net Income
$20 million
Founded
1987
5 Year Trend
+5%
Revenue
$400 million

Similar Jobs

More Jobs at American Specialty Health

More Information Technology Jobs

Find similar Application Security Engineer II (Remote) jobs: