The Threat Evaluation (TEV) organization’s mission is to identify threats and drive out vulnerabilities across Express Scripts (ESI). The ideal candidate will have excellent analytical, engineering, communication, and technical skills. This position will be responsible for performing threat modeling exercises in support of the Project Risk Assessment Team. This role is a lead position, which will create, implement, and maintain a threat modeling strategy and framework (PASTA, DREAD, etc.).
· Lead the Threat Modeling program by performing security architecture / application reviews of products and applications
· Create security use, misuse and abuse cases for products and applications, to help create test plans to ensure adequate protection against threats
· Define and implement KPIs to effectively measure the program
· Create and execute the strategic roadmap
· Assist project teams in implementing security measures to meet corporate policies and external regulations.
· Mentor other Security Analysts in performing threat modeling and risk assessments
· Provide technical expertise and resolution for Threat Modeling and Risk Assessments
Demonstrated Experience in the following areas:
Application security and architecture
Static and dynamic code analysis
Web application firewalls
Experience with understanding complex software and system interactions
Practical experience of threat modeling applications, services, and infrastructure
Demonstrated experience with implementing/assessing risk against standards
In-depth knowledge of OWASP Top 10 / Application Security Verification Standard and how to remediate those findings
Familiarity with high level programming languages
Demonstrated ability to diagnose and troubleshoot technical issues, excellent skills
Experience / Soft Skill Requirements
5+ years’ experience as Application Architect/Sr. Developer
3+ years’ experience in Information Security
Strong program development, program management and leadership skills including experience in developing, documenting and establishing application security programs and best practices.
Understanding of application threat modelling and Secure SDLC practices.
Excellent written and verbal communication skills required. Must be able to communicate technical details in a clear, understandable manner.
General curiosity and the ability to pick up new technology or concepts very quickly are required for success
ABOUT THE DEPARTMENT
Do you enjoy the challenge of defending an enterprise from security breaches? Come put your skills to work at an organization trusted to protect client, patient and company data amid the ever-changing landscape of information security threats and risks. Our cyber defenders are challenged and trusted with maintaining our secure infrastructure day in and day out, while delivering an enterprise computing environment that is resilient to breaches and disruptions. If you’re as passionate about data security as we are and want to be at the center of our noble mission to make healthcare safer and more affordable, explore our opportunities.
Job Id: REQ20009989