Application Security Engineer, Sr.

Harmony Information Systems

Lenexa, KS

Less than 5 years

Posted 213 days ago

18-990

Job Description:

Are you interested in changing the world of healthcare and human services? Do you want to work with innovative web and mobile software applications with great impact on society? Can you provide smart ideas and experiments about what’s possible? Do you work hard to help others to achieve their best results? Do you want to be amazed, inspired and proud of your job every day? Come and show us what you’re made of.

Mediware Information Systems, Inc. is a fast-growing Top 100 Healthcare Software company. We design and build products that are inspiring and make a real impact in people’s lives. We have 1000+ employees across the US, UK and Netherlands. Mediware’s portfolio of solutions currently includes long-term services and supports, behavioral health, blood solutions, cellular therapy, home care, medication management, rehabilitation and respiratory therapy.

 

Reporting to the Director of Information Security, the Senior Application Security Engineer will lead the Mediware Application Security Program. The position will: a) evaluate applications for appropriate and effective use of security controls using tools and techniques such as source code analysis, vulnerability scanners, and manual testing techniques; b) provide expert guidance to developers on the appropriate selection and implementation of relevant application security controls across the Mediware application portfolio; c) advise and consult internal clients/teams on appropriate application of security practices and existing security services to solve problems or enable new business opportunities.

Provide overall leadership to the Mediware application security program. This includes program leadership of a software assurance model such as OPEN SAMM/OWASP SAMM or others, and technical leadership and collaboration efforts with application security team leads and delivery managers throughout Mediware to integrate application security into the SDLC.

Evaluates applications for appropriate and effective use of security controls. Conducts application code, web application and other vulnerability scans using SAST, DAST and other security scans/vulnerability tools and techniques. Ensures that new applications or applications undergoing a major change are assessed for vulnerabilities prior to production implementation.

Provides expert guidance on secure coding practices. Provides technical consultation in assisting development and engineering staff in appropriate selection and implementation of relevant application security controls across the Mediware application portfolio.

Administers Mediware application/vulnerability management security tools. Serves as system administrator for the Mediware Application Security tool set, including Static Application Security Tools (SAST) and Dynamic Application Security Tools (DAST), including installation, setup, configuration, administration, and conducting scans. Serves as subject matter expert for the Mediware Application Security Tools. Coordinates integration of tools into the SDLC process, including integration in the Integrated Development Environment (IDE) tools and Continuous Integration and Continuous Development (CI/CD) pipeline tools.

Analyzes and reports on vulnerability scan results data for trending, business impact, and prioritization. Produces various routine and ad-hoc reports resulting from analysis of scan result data. Produces metrics, including application/vulnerability security dashboards and scorecards, to meet the needs of Mediware staff including executives and internal staff/contractors such as Development/IT/Network and Hosting staff.

Design, develop and deliver presentations focused on raising awareness for application security and defensive programming techniques.

Builds relationships with internal technical customers including Development/IT/Network and Hosting staff to assure collaborative approach to improving and maintaining the security posture of Mediware.

Documents security and vulnerability findings and all work activities following Mediware technical standards, using approved methods. As needed, participates in the development, review, and finalization of documentation, best practices and procedures to improve and maintain the security posture of Mediware.

Assists in enhancing the Mediware security program through evaluation of tools, implementation of automation of security testing and other process improvements.

Participate in the training and/or mentoring programs as assigned or required.

Adheres to the Mediware Values and supports a positive company culture.

Responds to the needs and requests of clients and Mediware management and staff in a professional and expedient manner.

Other Duties As Assigned  

Job Qualifications:

Required Education and/or Experience

  • B.S. or M.S. in Computer Science, or equivalent education or experience.

  • 3 years of experience in application security testing.

  • 3-5 years of experience with application security or development (.Net, Java, C++, PHP, Node.js, JavaScript, HTML) with focus on secure, Internet-exposed, multi-tier web-based systems.

  • 2 years of experience with HP Fortify, Checkmarx, Veracode, or Synopsys.

  • Experience leading teams and collaborating with others across the organization.

  • Applying good risk-based judgment to complex problems.

  • Excellent troubleshooting, listening and problem-solving skills

  • Candidate should have experience making and defending sound technical arguments that incorporate relevant technical and business considerations, and building consensus among stakeholders.

  • Able to work in a fast-paced, deadline-oriented environment

  • Customer focused

  • Works well in a team environment

  • Strong written and oral communication skills.

  • Ability to think analytically and to understand and communicate quantitative information