Responsibilities:

• Security engineering and architecture background for consumer facing services.
• Share experience with authentication and authorization models, modern mobile security methodologies, applied cryptography, and secure-by-design development practices.
• Implement best-practice security procedures, standards, and guidelines in the application space.
• Develop tools that make it easier to ship secure code and harder to ship insecure code.
• Conducting risk assessment, penetration testing, code reviews, and static analysis or other security validation of specific projects.
• Perform and support security assessments against most modern product features.
• Partner with our engineering team and architects to design, implement and improve application security solutions.
• Advocate security awareness and teach secure behavior and methods.
• Assist in compliance activities such as external audits from customers, regulatory compliance projects, and overall information security reviews.
• Perform threat modeling of upcoming features and products.
• Team player, influencer, mentor, and growth mindset to help drive out of the box solutions.
• Excellent communication skills to clearly communicate security recommendations, decisions, and to build and maintain security relationships across the enterprise.

Qualifications:

• Bachelor’s Degree in Computer Science or a related field and 2 years experience in application/product security.
• Strong communication skills - written and verbal.
• Experience working with common security vendors for an AWS stack, and also with cloud native AWS security capabilities.
• Code comprehension in at least two languages (Java, Python, Ruby, C++ etc.).
• Discussion and collaboration mindset. Engaging in healthy, constructive debates is key to our teams to innovate and plan for the future, of which Information Security plays a key role.
• Experience in implementing controls and supporting audit or evidence requests for information security compliance programs including PCI, ISO 27001, HITRUST, and SOC 2.
• Previous experience working in a startup environment and/or in Healthcare.
• Demonstrated experience and expertise with: Identifying and resolving OWASP Top 10 vulnerabilities. Threat modeling in an Agile environment. Security Verification Standards. Authentication and authorization schemes.
• Strong understanding of web and mobile application security assessment techniques, threat modeling, general software development practices.
• Experience with creating automation in a higher-level scripting language (Python, JavaScript, etc.).

Nice to have:

•  Secure code reviews.
• Cryptography implementations.
• Has experience in threat modeling, penetration testing, creating security requirements, performing source code reviews, and/or leading security design reviews.
• Has experience building sustainable security programs with an emphasis on customer service, partnership, and enablement of software engineering and product stakeholders.