
Information Security Application Vulnerability Engineer

Alignment Healthcare
Full-time
On-site
Orange, California, United States
$113,332 - $169,999 USD yearly
Application & DevSecOps Security

Alignment Health is breaking the mold in conventional health care, committed to serving seniors and those who need it most: the chronically ill and frail. It takes an entire team of passionate and caring people, united in our mission to put the senior first. We have built a team of talented and experienced people who are passionate about transforming the lives of the seniors we serve. In this fast-growing company, you will find ample room for growth and innovation alongside the Alignment Health community. Working at Alignment Health provides an opportunity to do work that really matters, not only changing lives but saving them. Together.

This position is responsible for identifying, analyzing, and helping remediate security vulnerabilities within our applications. This role requires a strong understanding of application security principles, hands-on experience with various security testing methodologies, and excellent communication skills to collaborate effectively with development teams and other stakeholders.

Job Responsibilities: 

  • Conduct static application security testing (SAST), dynamic application security testing (DAST), and interactive application security testing (IAST) on a continuous basis. 

  • Identify, triage, and validate security vulnerabilities using both automated tools and manual review. 

  • Work closely with software development and DevOps teams to provide clear, actionable guidance on how to fix vulnerabilities and implement secure coding practices. 

  • Help integrate security controls and checks into the software development lifecycle (SDLC) and CI/CD pipelines. 

  • Drive and support application security reviews and threat modeling. 

  • Manage and configure a suite of application security tools, ensuring their effective use and reporting. 

  • Stay up-to-date with the latest security threats, trends, and technologies, and conduct research on new vulnerabilities and attack vectors. 

  • Contribute to the creation and maintenance of application security policies, standards, and procedures to guide development teams and ensure compliance. 

  • Develop and deliver security awareness and secure coding training to engineering teams. 

  • Support and lead third-party penetration testing. 

 

Job Requirements: 

Experience: 

Required: 

  • 5-7+ years of progressive experience in information security, with a strong focus on application security testing and vulnerability management. 

  • Proven track record of working directly with developers and engineering teams to identify and remediate security vulnerabilities in a fast-paced environment. 

  • Experience in a large-scale enterprise environment with complex application portfolios. 

Preferred:  

  • Experience in healthcare or another highly regulated field. 

 

Education: 

Required: 

  • Bachelor's degree or equivalent work experience in Computer Science, Information Security, or a related technical discipline. 

Preferred: 

 

  • Relevant professional certifications such as Offensive Security Certified Professional (OSCP), GIAC Web Application Penetration Tester (GWAPT), or Certified Secure Software Lifecycle Professional (CSSLP) are highly desirable. 

  • ISC2 Certified Information Systems Security Professional (CISSP) 

 

Specialized Skills: 

Required:  

  • Experience with general threat hunting techniques and tools. 

  • Experience with one or more programming languages (i.e., C#, Scala, Python). 

 

Essential Physical Functions: 

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

1.  While performing the duties of this job, the employee is regularly required to talk or hear. The employee regularly is required to stand, walk, sit, use hand to finger, handle or feel objects, tools, or controls; and reach with hands and arms. 

2. The employee frequently lifts and/or moves up to 10 pounds. Specific vision abilities required by this job include close vision and the ability to adjust focus. 

Pay Range: $113,332.00 - $169,999.00

Pay range may be based on a number of factors including market location, education, responsibilities, experience, etc.

Alignment Health is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, age, protected veteran status, gender identity, or sexual orientation.

*DISCLAIMER: Please beware of recruitment phishing scams affecting Alignment Health and other employers where individuals receive fraudulent employment-related offers in exchange for money or other sensitive personal information. Please be advised that Alignment Health and its subsidiaries will never ask you for a credit card, send you a check, or ask you for any type of payment as part of consideration for employment with our company. If you feel that you have been the victim of a scam such as this, please report the incident to the Federal Trade Commission at https://reportfraud.ftc.gov/#/. If you would like to verify the legitimacy of an email sent by or on behalf of Alignment Health’s talent acquisition team, please email careers@ahcusa.com.