Security Applications Engineer - Associate
3 years ago


Description

All the benefits and perks you need for you and your family:

  • Benefits from Day One

  • Paid Days Off from Day One

  • Student Loan Repayment Program

  • Career Development

  • Whole Person Wellbeing Resources

  • Mental Health Resources and Support

Our promise to you:

Joining AdventHealth is about being part of something bigger. It's about belonging to a community that believes in the wholeness of each person, and serves to uplift others in body, mind and spirit. AdventHealth is a place where you can thrive professionally, and grow spiritually, by Extending the Healing Ministry of Christ. Where you will be valued for who you are and the unique experiences you bring to our purpose-minded team. All while understanding that together we are even better.

Schedule: Full Time

The role you'll contribute:

The Application Security Engineer Associate will work as a member of the Application Security Team located in Enterprise Information Security. In this role, the Application Security Engineer Associate will analyze source code of applications written in common programming languages (Java, .NET, PHP, NodeJS, Python, etc.) with a focus on secure coding practices and principles. Work directly with product owners to properly build and document Application Threat Models. Leverage commercial and open source toolsets to perform static and dynamic analysis on internally and externally developed applications, and effectively communicate findings to development teams. Perform ongoing security testing and code review to improve software security. Work in tandem with internal and external developers as part of a secure software development life cycle. Establish and participate in secure coding review practices amongst developers.


The value you'll bring to the team:

  • Perform technical assessments of applications using both dynamic and static scanning tools, produce reports, open tickets in work tracking systems (e.g. ServiceNow, Jira), and meet with development teams as required

  • Implement, operate and maintain Application Security Tools, such as Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools

  • Analyze source code of applications written in common programming languages (Java, .NET, PHP, NodeJS, Python, etc.) with a focus on secure coding practices and principles.

  • Work with product owners to build Application Threat Models with the intent to identify, communicate, and understand threats and mitigations.

  • Work in tandem with internal and external developers as part of a secure software development life cycle.

  • Establish and participate in secure coding review practices amongst developers.

  • Support the maintenance of technical documentation.

  • Assist with developing and providing training in secure coding practices.

  • Develop a familiarity with new tools and best practices and assist with the integration of these toolsets with the enterprise.

  • Stay up to date on application security vulnerabilities and mitigation techniques to provide awareness to the developers and Application Security teams.

Qualifications

The expertise and experiences you'll need to succeed:

KNOWLEDGE AND SKILLS REQUIRED:

  • Detailed technical knowledge of techniques, standards and state-of-the-art capabilities surrounding authorization, applied cryptography, security vulnerabilities and remediation.

  • Software development experience in one of the following core languages: Java, .NET, PHP, JavaScript, Python.

  • Adequate knowledge of web related technologies (web applications, web services, and service-oriented architectures) and of network/web related protocols.

  • Familiarity with Application Threat Modeling methodologies (e.g., STRIDE, FAIR, and Octave)

  • Able to contribute in a team environment with other team members with varying skills, experience, and locations.

  • Able to communicate technical decisions and recommendations effectively with technical and non-technical audiences through verbal and written communications that lead to actionable and measurable improvements.

  • Excellent analytical and multitasking skills.

  • Basic concepts of common security frameworks (e.g., ISO, NIST, HITRUST).

  • Basic concepts of varying industry data standards (e.g., PCI, HIPAA).

  • Have a strong understanding of OWASP Top 10 and similar frameworks.

  • Experience with Agile (e.g., SCRUM, Kanban) software development models.

  • Be self-motivated and capable of self-learning to maintain a working knowledge of the ever-changing software development landscape as well as security trends in the industry.


KNOWLEDGE AND SKILLS PREFERRED:

  • Proficient with Micro Focus Fortify and WebInspect platforms (or similar enterprise static and dynamic analysis tooling)

  • Ability to articulate and express both verbal and non-verbal correspondence.

  • Ability to translate control framework (e.g. HITRUST, PCI) requirements into understandable and actionable tasks.


EDUCATION AND EXPERIENCE REQUIRED:

  • Bachelor's degree from an accredited university in either Computer Science or Information Security/Assurance, or related field.

  • Three (3) or more years of global work experience in Computer Science, Information Security and/or Software Engineering, in a diverse workforce environment, promoting security awareness.

  • A minimum of 2 or more years of professional experience in Information Security, preferably in the areas of application security, or security engineering.

EDUCATION AND EXPERIENCE PREFERRED:

  • Five (5) or more years of global work experience in Computer Science, Information Security and/or Software Engineering, in a diverse workforce environment, promoting security awareness.


LICENSURE, CERTIFICATION OR REGISTRATION PREFERRED:

  • Security certifications (e.g., CISSP, CISM, CSSLP, GIAC-GWEB, CEH, Security+), or similar certifications.

  • Non-Security Certifications (e.g., Microsoft, Cisco, Palo Alto)


This facility is an equal opportunity employer and complies with federal, state and local anti-discrimination laws, regulations and ordinances.





