Sr. Application Security Engineer Health Dialog

Health Dialog Corporate Information Security Office (CISO) is seeking a highly motivated and experienced application security engineer to ensure security is built into our technology products. This position will act as the CISO liaison to the Application Development Team and PMO. This individual will provide critical security engineering services that include definition of security requirements and designs. He or she will perform vulnerability assessments, coordinate penetration testing, and other security testing with the CISO and IT Operations. The candidate will be expected to be a thought leader on how security should be viewed by developers and SQA personnel. A critical part of this job will include definition of approaches for code risk assessments and reviews from a security standpoint. After joining Health Dialog, this person will be expected to lead security code and design reviews, develop standards for security coding standards, and work with PMO on methods for inserting security into the SDLC.

Specific job duties include:

• Attend Application Development design reviews. Actively lead discussions from a security standpoint. Provide written input for security based requirements.
• Coordinate penetration tests and perform vulnerability assessment/threat modeling in order to test our technology applications.
• Drive remediation and change as opportunities are uncovered.
• Report and coordinate progress and plans to the Development Team, PMO and CISO management.
• Develop and foster productive and collaborative relationships with software testers, engineers and operations staff
• Communicate to cross functional teams the importance of application security. Help software engineers implement best practices in code development as it relates to security
• Coordinate and oversee 3rd party risk assessments for code reviews and threat modeling
• Define and develop application security design standards. Enforce these standards
• Be a security advocate and evangelist.

Job Qualifications

• 10 years experience as a software engineer with a mindset for security
• Excellent verbal and written communication skills
• Able to work with all levels of staff including senior management
• Excellent problem solving, analytical skills and technical troubleshooting skills
• Thorough understanding of penetration testing techniques and web applications
• Proficient in Operating Infrastructure (Examples: Microsoft Windows 2000/2003, Red Hat Linux, Microsoft Internet Information Server, Apache web server)
• Basic administrative knowledge of one or more major database, including Oracle, MS SQL Server
• Basic networking skills, including OSI stack, routers, switches, and security devices.
• Basic programming skills in C# .NET
• Ability to work within cross-functional teams under strategic direction.
• BSCS degree or equivalent. Applicable certifications a plus