Purpose of the Job
Performs ongoing security vulnerability assessments and application pen tests, including identifying, assessing, and driving remediation of application vulnerabilities. Develops security improvements for the company's websites and backend applications and serves as an SME on website and application-related projects. Researches and recommends emerging security technologies/tools to address current and future threats, and creates and maintains documentation as it relates to security designs/configuration, processes, and requirements. Participates in security incident response processes. Mentors development teams on use of secure coding practices and evangelizes secure software development practices and processes throughout the SDLC.
Essential Job Functions and Responsibilities
- Participate in the building, automation, and operation of automated security review capabilities across multiple technology stacks and languages throughout the SDLC
- Coordinate security code reviews, application vulnerability testing, and penetration testing, and train engineering team on best practices in application security throughout the SDLC.
- Drive assessment of applications to identify and prioritize risks, driving prioritization and remediation across application development teams.
- Be an expert on vulnerabilities and attack vectors that have the potential to impact BCBSAZ systems
- Proactively identify and implement products and tools to ensure security of our applications, collaborating with all areas of IT to harden our environment.
- Participate in developing technical strategy; apply and promote security technology that optimizes the portfolio of technologies, tools, products, and applications.
- Work with IT leaders and subject matter experts to use technology to improve overall corporate security posture.
- Deliver assessment services, develop business cases, design solution architecture, and recommend multi-phased, complex migration programs that address application security.
- Develop timelines, work estimates, cost projections, and manage projects related to application security initiatives to approved guidelines; review and consult on design and technical approach of projects to ensure consistency.
- The position requires a full-time work schedule. Full-time is defined as working at least 40 hours per week, plus any additional hours as requested or as needed to meet business requirements.
- Position may require evening, weekend, or on-call schedules, depending on project requirements and/or system status.
- Perform all other duties as assigned.
Required Work Experience
- 8 years of experience with application design and development.
- 3 years as an application security engineer analyzing the application modules for enhancing the application security.
Preferred Work Experience
- Bachelor's degree in business, information technology, computer systems, or related field
- 10 years of experience with application design and development.
- 5 years as an application security engineer analyzing the application modules for enhancing the application security.
- Proven experience with web pen testing and application vulnerability assessments
- Master's Degree in business, computer science or related field
- CISSP, CEH and/or CSSLP Certifications
Required Job Skills
- Technical certifications in software and systems design and development
Required Professional Competencies
- Deep .NET and Java knowledge, certified developer or expert-level knowledge with .NET and Java and related technologies with security tools.
- Expert knowledge of application security technologies and authentication protocols.
- Excellent communication skills to document and explain security vulnerabilities and technical risks to a technical audience and business audience.
- Intermediate skill in use of office equipment, including copiers, fax machines, scanner and telephones
- Detailed technical knowledge of techniques, standards and state-of-the-art capabilities for authentication and authorization, applied cryptography, security vulnerabilities and remediation
- Strong experience in System Architecture, Design, Development and integration and deployment of multi-tier mission critical application systems
- Knowledge and demonstrated experience designing multi-tier, highly available, multi-threaded, and scalable architectures
- Demonstrated application of architectures and designs that employ design patterns
- Highly developed oral and written communication skills as well as presentation skills. Interest in all aspects of application security research and development
- Familiarity with fundamentals of software configuration management, automated build processes, and source code control systems.
- Strong database background and experience with Oracle or MS SQL Server.
- Experience in developing and deploying REST API or SOAP-based Web Services for application integration services.
- Experience with PKI, Hardware Cryptographic Modules
- Expert technical skills related to analysis and design techniques for batch, real-time, and online systems
- Advanced knowledge and experience with application technologies implemented within delivery organization
- Advanced skill in computer system validation including SOP development, implementation and adherence
- Advanced Knowledge of hardware, software, telecommunications, operating systems, and applications.
- Experience working with high volume, transactional, large capacity systems in a 24x7 environment.
- Experience and knowledge of Agile practices.
Required Leadership Experience and Competencies
- Ability to take appropriate risks, using available data.
- Ability to build synergy with a diverse team in an ever-changing environment
- Anticipate downstream technical needs and steer architectural designs to appropriately factor in considerations.
- Strong analytical skills to support independent and effective decisions.
- Strong verbal and written communications skills and the ability to interact professionally with a diverse group of executives, managers, and subject matter experts.
- Highly skilled at designing and implementing multiple tier architecture solutions, developing high-performance and secure systems and system integration
- Work effectively with management, project managers, business analysts, developers, engineers, architects, system administrators, and QA to conceive, design, and deliver successful software solutions.
- Able to operate at varying levels of abstraction including business and product strategy, design, and implementation
Preferred Job Skills
- Provide leadership, promote teamwork, meet objectives and exercise independent judgment
- Experience leading and implementing projects and working collaboratively with other departments levels
- Ability to prioritize tasks and work with multiple priorities, sometimes under limited time constraints.
- Knowledge of HIPAA security and privacy standards.