Application security

About the Role:

● You live and breathe application security.
● You enjoy collaborating with engineers and building out actionable policies and practices.
● You have experience with multiple frontend and backend frameworks and are comfortable identifying and resolving security issues.
● You are particularly deep in API security best practices.
● You have experience integrating threat modeling throughout the application development lifecycle.
● You could explain DAST, SAST and IAST to our C-suite, as well as help us make the best use of the appropriate technology.
● You aren't afraid to pitch in for incident response and investigations, and to help use the lessons from our worst days to make our every day better.
● Pen testing is a plus.
● You believe in automation, and almost nothing brings you the same level of joy as a well-tuned, purposeful CI/CD pipeline (a plus).

Demonstrated Experience:

● Minimum of 5-8 years of related work experience in application security, development or an equivalent role.
● Building and breaking modern applications (SPAs, mobile apps, APIs, webhooks, etc.) in modern processing environments (CDN, WAF, API gateways, etc.).
● Establishing application security practices and technical pipelines, especially integrating useful controls into CI/CD pipelines in both on-premises and cloud environments.
● Working with engineering teams to balance ongoing product feature development and technology limitations with security concerns.
● Conducting, or being the subject of, privacy and/or security audits.
● Ability to produce high-quality documentation, reports, procedures and technical specifications to communicate with a wide range of stakeholders.
● Effective at engaging with teams in various functions and across different levels.
● Strong organizational skills and the ability to prioritize and manage multiple projects simultaneously.
● Excellent analytical and writing skills, with an emphasis on communicating complex issues to a wide audience.
● Experience working in an environment that processes PHI and with applicable standards, such as the NIST Privacy Framework, ISO/IEC 27701, ISO 27001, HIPAA, HITRUST and SOC 2.