$80K — $100K *
The Senior Information Security Engineer will be responsible for leading the design, development and enforcement of security controls, policies and procedures. The individual will analyze SMC’s business needs and current SDLC processes, establish priorities for protection of critical applications, dataflows, and development processes, establish and maintain an Application Software Security Lifecycle, and implement production-ready application security prototypes when needed. Critical to the role is the creation, maintenance, and future vision of an application security architecture specification. Leadership, strategic thinking, collaboration and communication are key factors in being successful in this role.
• Supports the HITRUST certification process for the social services application
• Leads the SOC2 audit of the SMC Platform Infrastructure
• Leads delivery of projects implementing SIEM and SOC capabilities. Leads execution, change, and problem management of operational SIEM and SOC capabilities.
• Lead the definition of consistent application security architecture for SMC’s suite of applications, and work across the application development teams to guide security process and architecture for the solution.
• Develop and implement policies and procedures to maintain application security for operational and customer-facing application products. Have overall application security vision across multiple verticals such as cloud/service provider, security provider, mobile, appliance, etc.
• Implement application and web services development security standards, application threat modeling, risk identification techniques, etc. and implement supporting software packages such as OWASP tools and Burp Suite.
• Collaborate with Privacy, Legal, Compliance, and Security personnel and executive stakeholders to ensure implementation of internal policies, industry regulation, and applicable laws.
• Provide direction and guidance in assessing and evaluating security risks and monitor compliance with applicable policies. Perform periodic reviews of SDLC practices and develop reports and remediation plans.
• Develop security testing principles and scripts. Monitor QA and testing environments for adherence to security standards.
• Scopes and tracks the projects that deliver and update critical information security capabilities. Leads and directs operational aspects of these capabilities.
• Responsible for change control, problem management, and performance monitoring of these capabilities.
- CISSP, CISA, CISM or similar certifications
- Bachelor’s degree in a related field
- Knowledge of database security.
- Experience in analyzing code using OWASP Top 10, CWE/SANS Top 25, CERT Secure Coding Initiative, or NIST Software Security standards.
- Experience in code scanning tools and methodologies, such as Burp Suite, Veracode or HP Fortify.
- Healthcare and related industry experience
- Solid understanding of business environment
- Ability to lead, motivate and direct a workgroup
- Ability to work in a team environment
- Strong communication skills
- Strong presentation skills
- Ability to influence others to achieve results
Valid through: 7/2/2021
18 days ago