Threat Evaluation - Sr Security Application Architect

Express Scripts   •  

Saint Louis, MO

Industry: Healthcare IT


5 - 7 years

Posted 394 days ago

Job Description

The Threat Evaluation (TEV) organization’s mission is to identify threats and drive out vulnerabilities across Express Scripts (ESI). The ideal candidate will have excellent analytical, engineering, communication, and technical skills. This position will be responsible for performing threat modeling exercises in support of the Project Risk Assessment Team. This role is a lead position, which will create, implement, and maintain a threat modeling strategy and framework (PASTA, DREAD, etc.).


· Lead the Threat Modeling program by performing security architecture / application reviews of products and applications

· Create security use, misuse and abuse cases for products and applications, to help create test plans to ensure adequate protection against threats

· Define and implement KPIs to effectively measure the program

· Create and execute the strategic roadmap

· Assist project teams in implementing security measures to meet corporate policies and external regulations.

· Mentor other Security Analysts in performing threat modeling and risk assessments

· Provide technical expertise and resolution for Threat Modeling and Risk Assessments

Job Requirements

Technical Requirements

Demonstrated Experience in the following areas:

Application security and architecture

Identity management

Static and dynamic code analysis

Multifactor Authentication

Vulnerability Management

Web application firewalls

Experience with understanding complex software and system interactions

Practical experience of threat modeling applications, services, and infrastructure

Demonstrated experience with implementing/assessing risk against standards

In-depth knowledge ofOWASP Top 10 / Application Security Verification Standard and how to remediate those findings

Familiarity with high level programming languages

Demonstrated ability to diagnose and troubleshoot technical issues, excellent skills

Experience / Soft Skill Requirements

5+ years’ experience as Application Architect/Sr. Developer

3+ years’ experience in Information Security

Strong program development, program management and leadership skills including experience in developing, documenting and establishing application security programs and best practices.

Understanding of application threat modelling and Secure SDLC practices.

Excellent written and verbal communication skills required. Must be able to communicate technical details a clear, understandable manner.

Generally curious with the ability to pick up new technology or concepts very quickly is required for success


Do you enjoy the challenge of defending an enterprise from security breaches? Come put your skills to work at an organization trusted to protect client, patient and company data amid the ever-changing landscape of information security threats and risks. Our cyber defenders are challenged and trusted with maintaining our secure infrastructure day in and day out, while delivering an enterprise computing environment that is resilient to breaches and disruptions. If you’re as passionate about data security as we are and want to be at the center of our noble mission to make healthcare safer and more affordable, explore our opportunities.

Job Id: REQ20009989