Manager, Application Security - Remote
Emergent Holdings

Chicago, Illinois

Posted in IT


This job has expired.

Job Info


SUMMARY: The EHI Security team is responsible for the code-level security of Emergent Holdings entities. We carry out this mission by finding, fixing and preventing security flaws across the applications supporting our clients. We lead and run the programs that eliminate security bugs in code. Beyond simply pointing out issues, we solve problems through close partnership with application teams and within our secure framework methodology. We are looking for a leader with strong leadership skills, a background in product/application security, and a passion for collaboration and remediation of code vulnerabilities in a fast-paced environment.

RESPONSIBILITIES/TASKS:

  • Conduct application security architecture reviews on new and existing applications and offer plans for remediation
  • Scan customer source code, audit results with development and offer plans for remediation of vulnerabilities
  • Azure and AWS Cloud application threat mitigation for web applications
  • Code scanning and vulnerability assessment experience
  • Work with enterprise architects and developers to design optimal security practices when developing new application functionality
  • Advanced to expert level knowledge and understanding of architecture, application design, systems engineering and cloud applications
  • Interpret business requirements and functional specifications to recommend security requirements
  • Communicate technical application security concepts to customer staff, including developers, architects, and managers
  • Work with development and QA teams to ensure the use of secure coding practices and verification methods
  • Act as a Subject Matter Expert in the discovery and investigation of critical security vulnerabilities as required
  • Conduct manual application security testing and source code auditing for a variety of technologies and code-types
  • Experience working in an Agile environment
  • Ensure new system builds include appropriate security packages and tools, and that logging and monitoring applications are configured properly
  • Provide detailed risk and remediation guidelines, as well as perform remediation activities where applicable
DIRECTION EXERCISED:

Directly supervises exempt and non-exempt staff in accordance with company policies and applicable Federal and State Laws. Responsibilities include but are not limited to effectively interviewing, hiring, terminating, and training employees; planning, assigning and directing work; appraising performance; rewarding and counseling employees; addressing complaints and resolving problems; supporting and encouraging the engagement process.

EMPLOYMENT QUALIFICATIONS:

EDUCATION:

Bachelor's degree in Computer Science, Information Security, or related field. Relevant combination of education and experience may be considered in lieu of degree. Continuous learning as defined by the Company's learning philosophy is required. Professional security management certification such as CISA, CISM, CISSP is preferred.

EXPERIENCE:

Eight years of experience in architecture or security management with expertise in applying secure software development methods within system development lifecycle efforts. Experience conducting security code review, threat modeling, or application penetration assessments. Experience in interfacing with multiple information technology application and infrastructure development and support areas within an enterprise. Experience in reviewing healthcare-related information system technical controls for adherence to CMS (Centers for Medicare & Medicaid Services), HIPAA-HITECH, HITRUST, and ISO 27002 security requirements preferred.

SKILLS/KNOWLEDGE/ABILITIES (SKA) REQUIRED:
  • Knowledge of software development concepts and methodologies
  • Highly motivated, competitive, entrepreneurial and attracted to challenging opportunities
  • Demonstrated ability to work in a fast-paced environment where organizational skills are essential
  • Demonstrated strong problem solving, analytical, interpersonal, and ownership skills
  • Possess excellent collaboration skills with a wide variety of internal team members
  • Ability to interact with technical managers and development teams to articulate requirements and processes while collaborating on design options, implementation, testing and user acceptance.
  • Knowledge of application security technical controls and common vulnerabilities.
  • Competent in advanced communication skills including the ability to translate technical security concepts to business-oriented audiences
  • Demonstrated ability to develop metrics, perform critical analysis and develop executive decision support content.
  • Competent in working within information technology service management frameworks such as ITIL
  • Familiarity with network architecture and topologies
  • Familiarity with APIs, web services (RESTful and SOAP), and SOA (Service Oriented Architecture)
  • Demonstrated experience in one or more of the following database environments: Oracle 11g/12c or SQL Server 2008/10/14/16
  • Demonstrated experience in one or more of the following operating system environments: Microsoft Windows Server 2008/10/12 or Red Hat Linux ES 4/5/6
  • Experience conducting security code reviews in one or more of the following languages: C#, ASP.NET, WCF
  • Hands-on experience with one or more of the following: LDAP, ADAM, SSO, SAML, Active Directory
  • Familiarity with the Veracode platform, Internet Information Server (IIS), firewalls, iptables, whitelisting and security groups
  • Familiarity with Cloud and Hybrid Cloud/On-prem security models
  • Familiarity with release management (and DevOps) of custom software
WORKING CONDITIONS:

Work is performed in an office setting (or home office if remote) with no unusual hazards.

The qualifications listed above are intended to represent the minimum education, experience, skills, knowledge and ability levels associated with performing the duties and responsibilities contained in this job description.

We are an Equal Opportunity Employer. Diversity is valued and we will not tolerate discrimination or harassment in any form. Candidates for the position stated above are hired on an "at will" basis. Nothing herein is intended to create a contract.

