Sr Application Security Engineer

Job Description

IT is different here. Our work as technology specialists pushes the boundaries of what’s possible in health care. You will build solutions that make a real difference in people’s lives. Driven by the importance of their work, our team members innovate to elevate. We’re encouraged to be curious, collaborate, and turn ideas into solutions that can make health care better for all.

We are seeking a candidate with prior experience in application security and vulnerability management to play an integral role within the Enterprise Security team. This role will lead projects and initiatives to jumpstart the application security program and participate in application security and infrastructure vulnerability management tasks required to keep the organization secure.

In this position you will also handle more complex design, evaluation and testing of application security and vulnerability management functions to ensure that the systems and data integrity of the organization is being maintained and protected against the latest cyber threats.

If you are ready to make a career out of making a difference, then you are the person for this team.

What You Will Do

• Performs more complex application security & vulnerability management functions both on premise and in the cloud including identification, analysis, triage, and coordination of the remediation of application vulnerability findings.
• Proactively build partnerships with Infrastructure and DevOps teams and collaborates with members of the enterprise to discuss complex application security vulnerabilities and mis-configuration findings and the treatment of those findings.
• Manage high-level engineering functions of the application security and vulnerability compliance scanning tools to ensure accuracy and effectiveness of the solution.
• Maintains and regularly updates technical hardening security standards and provides process guidance to more junior team members as needed.
• Proactively identify improvements and design, revise and maintain relevant standard operating procedures and working instructions related to Application Security & Vulnerability Management.

What You Bring

• Bachelor's degree or advanced degree (where required)
• 5+ years of experience in related field.
• In lieu of degree, 7+ years of experience in related field.

Hiring Preferences

• Prior experience in Application Development, Secure Coding, Containers, and integrating application security tools into DevOps pipelines

• Experience reviewing, triaging results from, and configuring container image scanning solutions such as RedHat Advanced Cluster Security (ACS), Prisma Cloud/Twistlock, and Aquasec.

• Experience reviewing, triaging results from, and configuring open-source component scanning solutions such as Sonatype IQ, Synk, and Black Duck.

• Experience reviewing and/or running dynamic web application scans, validating DAST findings, and consulting with application development teams on the risk of those issues.

• Experience reviewing application vulnerabilities, open-source dependency vulnerabilities, OWASP Top 10, application penetration test reports, and discussing exploit vectors and risk with application development teams and the business.

Salary Range

At Blue Cross NC, we take great pride in a fair and equitable compensation package that reflects market-price and our starting salaries are typically planned near the middle of the range listed. Compensation decisions are driven by factors including experience and training, specialized skill sets,  licensure and certifications and other business and organizational needs. Our base salary is part of a robust Total Rewards package that includes an Annual Incentive Bonus*, 401(k) with employer match, Paid Time Off (PTO), and competitive health benefits and wellness programs. 

*Based on annual corporate goal achievement and individual performance.
 

$84,000.00 - $152,200.00