Zelis Healthcare
Application Security Engineer
Zelis Healthcare, St. Petersburg, Florida, United States,
Zelis is hiring an
Application Security Engineer
to work in collaboration with the corporate application development teams. The position will be accountable for application security of corporate applications. You'll work with Application Development teams to identify application assets, data flows, threats, and required cyber security controls, as well as with Application Security Testers to measure the effectiveness of identified cyber security controls.Location and Workplace Flexibility: We have offices in Atlanta GA, Boston MA, Morristown NJ, Plano TX, St. Louis MO, St. Petersburg FL, and Hyderabad, India. We foster a hybrid and remote friendly culture and all of our employee's work locations are based on the needs of the position and determined by the Leadership team. In-office work and activities, if applicable, vary based on the work and team objectives in accordance with Company policies.Responsibilities:Partner closely with corporate stakeholders to understand regulatory, industry, and organizational security requirementsProvide security requirements with acceptance criteria to application development teams using the Agile and Waterfall methodologiesConduct threat modeling exercises to identify potential security vulnerabilities in corporate applicationsAnalyze application's components, data flows, and external dependencies to anticipate and mitigate threatsReview the architecture of software applications to ensure that security is integrated at every layer, including network, infrastructure, and application levelsImplement security controls and best practices to address identified risks and vulnerabilities, including encryption, authentication, access controls, input validation, and other security mechanismsPerform security code reviews to identify and remediate security vulnerabilities in application code. Look for common security flaws such as injection attacks, cross-site scripting (XSS), and insecure configurationsProvide guidance and training to development teams on secure coding practices, security principles, and relevant security tools and technologiesEvaluate and implement security tools and automation solutions to enhance the security posture of applications and streamline security processesQualificationsBachelor's degree in Cyber Security (or) related degree and experience8+ years of experience in Cyber Security2+ years of experience in Agile and writing user stories2+ years of experience in Application Security and Threat Modeling, as well as application development or application secure code reviewUnderstanding of API and Web security vulnerabilities2+ years of experience using Octave or StrideExperience working within a DevSecOps environmentPreferred QualificationsExperience in security coding, source code management, and/or build and deployment technologiesExperience with web application firewallsFamiliarity with OWASP Top 10 API, Web, and Mobile Application Security RisksFamiliarity with MITRE CWE Top 25 Most Dangerous Software WeaknessesCDP, CISSP, E|CDE or other relevant certificationsFamiliarity with regulatory controls and industry best practices such as HIPAA, PCI, CIS, HiTrust, ISO 27001, NIST, etc.)#LI-HybridAs a leading payments company in healthcare, we guide, price, explain, and pay for care on behalf of insurers and their members. We're Zelis in our pursuit to align the interests of payers, providers, and consumers to deliver a better financial experience and more affordable, transparent care for all. We partner with more than 700 payers, including the top-5 national health plans, BCBS insurers, regional health plans, TPAs and self-insured employers, over 4 million providers, and 100 million members, enabling the healthcare industry to pay for care, with care. Zelis brings adaptive technology, a deeply ingrained service culture, and a comprehensive navigation through adjudication and payment platform to manage the complete payment process.Commitment to Diversity, Equity,Inclusion, and BelongingAt Zelis, we champion diversity, equity, inclusion, and belonging in all aspects of our operations. We embrace the power of diversity and create an environment where people can bring their authentic and best selves to work. We know that a sense of belonging is key not only to your success at Zelis, but also to your ability to bring your best each day.Equal Employment OpportunityZelis is proud to be an equal opportunity employer. All applicants will receive consideration for employment without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.We encourage members of traditionally underrepresented communities to apply, even if you do not believe you 100% fit the qualifications of the position, including women, LGBTQIA people, people of color, and people with disabilities.Accessibility SupportWe are dedicated to ensuring our application process is accessible to all candidates. If you are a qualified individual with a disability or a disabled veteran and require a reasonable accommodation with any part of the application and/or interview process, please email TalentAcquisition@zelis.comSCAM ALERT: There is an active nationwide employment scam which is now using Zelis to garner personal information or financial scams. This site is secure, and any applications made here are with our legitimate partner. If you're contacted by a Zelis Recruiter, please ensure whomever is contacting you truly represents Zelis Healthcare. We will never asked for the exchange of any money or credit card details during the recruitment process. Please be aware of any suspicious email activity from people who could be pretending to be recruiters or senior professionals at Zelis.
Application Security Engineer
to work in collaboration with the corporate application development teams. The position will be accountable for application security of corporate applications. You'll work with Application Development teams to identify application assets, data flows, threats, and required cyber security controls, as well as with Application Security Testers to measure the effectiveness of identified cyber security controls.Location and Workplace Flexibility: We have offices in Atlanta GA, Boston MA, Morristown NJ, Plano TX, St. Louis MO, St. Petersburg FL, and Hyderabad, India. We foster a hybrid and remote friendly culture and all of our employee's work locations are based on the needs of the position and determined by the Leadership team. In-office work and activities, if applicable, vary based on the work and team objectives in accordance with Company policies.Responsibilities:Partner closely with corporate stakeholders to understand regulatory, industry, and organizational security requirementsProvide security requirements with acceptance criteria to application development teams using the Agile and Waterfall methodologiesConduct threat modeling exercises to identify potential security vulnerabilities in corporate applicationsAnalyze application's components, data flows, and external dependencies to anticipate and mitigate threatsReview the architecture of software applications to ensure that security is integrated at every layer, including network, infrastructure, and application levelsImplement security controls and best practices to address identified risks and vulnerabilities, including encryption, authentication, access controls, input validation, and other security mechanismsPerform security code reviews to identify and remediate security vulnerabilities in application code. Look for common security flaws such as injection attacks, cross-site scripting (XSS), and insecure configurationsProvide guidance and training to development teams on secure coding practices, security principles, and relevant security tools and technologiesEvaluate and implement security tools and automation solutions to enhance the security posture of applications and streamline security processesQualificationsBachelor's degree in Cyber Security (or) related degree and experience8+ years of experience in Cyber Security2+ years of experience in Agile and writing user stories2+ years of experience in Application Security and Threat Modeling, as well as application development or application secure code reviewUnderstanding of API and Web security vulnerabilities2+ years of experience using Octave or StrideExperience working within a DevSecOps environmentPreferred QualificationsExperience in security coding, source code management, and/or build and deployment technologiesExperience with web application firewallsFamiliarity with OWASP Top 10 API, Web, and Mobile Application Security RisksFamiliarity with MITRE CWE Top 25 Most Dangerous Software WeaknessesCDP, CISSP, E|CDE or other relevant certificationsFamiliarity with regulatory controls and industry best practices such as HIPAA, PCI, CIS, HiTrust, ISO 27001, NIST, etc.)#LI-HybridAs a leading payments company in healthcare, we guide, price, explain, and pay for care on behalf of insurers and their members. We're Zelis in our pursuit to align the interests of payers, providers, and consumers to deliver a better financial experience and more affordable, transparent care for all. We partner with more than 700 payers, including the top-5 national health plans, BCBS insurers, regional health plans, TPAs and self-insured employers, over 4 million providers, and 100 million members, enabling the healthcare industry to pay for care, with care. Zelis brings adaptive technology, a deeply ingrained service culture, and a comprehensive navigation through adjudication and payment platform to manage the complete payment process.Commitment to Diversity, Equity,Inclusion, and BelongingAt Zelis, we champion diversity, equity, inclusion, and belonging in all aspects of our operations. We embrace the power of diversity and create an environment where people can bring their authentic and best selves to work. We know that a sense of belonging is key not only to your success at Zelis, but also to your ability to bring your best each day.Equal Employment OpportunityZelis is proud to be an equal opportunity employer. All applicants will receive consideration for employment without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.We encourage members of traditionally underrepresented communities to apply, even if you do not believe you 100% fit the qualifications of the position, including women, LGBTQIA people, people of color, and people with disabilities.Accessibility SupportWe are dedicated to ensuring our application process is accessible to all candidates. If you are a qualified individual with a disability or a disabled veteran and require a reasonable accommodation with any part of the application and/or interview process, please email TalentAcquisition@zelis.comSCAM ALERT: There is an active nationwide employment scam which is now using Zelis to garner personal information or financial scams. This site is secure, and any applications made here are with our legitimate partner. If you're contacted by a Zelis Recruiter, please ensure whomever is contacting you truly represents Zelis Healthcare. We will never asked for the exchange of any money or credit card details during the recruitment process. Please be aware of any suspicious email activity from people who could be pretending to be recruiters or senior professionals at Zelis.