Application Security Engineer II (Remote)

American Specialty Health Incorporated (ASH) is seeking an Application Security Engineer II to join our Information Security department. The primary purpose of this position is to protect and defend the information security posture and information assets from cyber security threats; maintain strong regulatory compliance; and reduce cyber risks to the organization. Salary Range American Specialty Health complies with state and federal wage and hour laws and compensation depends upon candidate’s qualifications, education, skill set, years of experience, and internal equity. $89,300 to $130,000 Full-Time Annual Salary Range. Remote Worker Guidelines Remote Worker Guidelines: This position will be trained remotely and must be able to work from home (WFH) in a designated work area with company-provided technology equipment. This WFH position requires you have a stable connection to your Internet Service Provider with the ability to participate by video in online meetings over a reliable and consistent network. The internet connection must have a consistent 50 down/10 up Mbps minimum internet speed. 100 down/20 up is recommended to support higher quality video meetings.

Responsibilities

Performs day-to-day information security functions.Assist with documentation of improvements (including automation) of information security solutions in concert with DevSecOps activities. Deploy and/or serve as product owner for at least one of the products within the app security stack. Assist with administration of security-related systems including but not limited to: Security and compliance testing software, web application firewalls, open source software, attack simulation, and vulnerability management. Assist with coordination of security issue and remediation efforts between different ASH scrum teams. Act as point of contact for ASH scrum teams to inquire about vulnerabilities and options for remediation. Maintains updated documentation of technical controls, processes and procedures. Participates in incident response, security testing, penetration testing and red teaming roles. Researches and communicates the latest trends in information security and threat environments. Availability for after hours work and occasional travel required. Performs other duties as assigned. Complies with all policies and standards.

Qualifications

Bachelor’s Degree in IT related field or relevant work experience. If equivalent experience, high school diploma required. 5 years in software development with security focus, systems/software security testing, and/or security administration required. Ability to program/script automations across languages and platforms, including consumption and processing of common API results. (High proficiency) Ability to provide security guidance and implementation steps to software development teams with little oversight from a security supervisor. (Medium proficiency) Experience implementing security technologies and solutions within the application security suite of products. (Medium proficiency) In depth knowledge of web application vulnerabilities, OWASP recommendations, and mitigation strategies. (High proficiency) Understanding of network and Software Architectures and design. (Medium proficiency) Knowledge of proxies such as Burpsuite, or zap for manual validation of application security findings. (High proficiency) Experience with end to end of application testing including API, logic flows, database, graphql, windows networks and resources, linux applications, and azure cloud. (High proficiency) Knowledge of Static Code analysis tools and their limitations, pipeline integrations, actions. (High proficiency) Familiar with WAF technology setups and common limitations. Runtime Protection concept and implementation. (Medium proficiency) Core Competencies Demonstrated ability to interact in a positive, respectful manner and establish and maintain cooperative working relationships. Ability to display excellent customer service to meet the needs and expectations of both internal and external customers. Excellent listening and interpersonal communication skills to identify critical core competencies based on success factors and organizational environment. Ability to effectively organize, prioritize, multi-task and manage time. Demonstrated accuracy and productivity in a changing environment with constant interruptions. Demonstrated ability to analyze information, problems, issues, situations, and procedures to develop effective solutions. Ability to exercise strict confidentiality in all matters. Mobility Primarily sedentary, able to sit for long periods of time. Physical Requirements Ability to see, speak, and hear other personnel and/or objects. Ability to communicate both in verbal and written form. Ability to travel within and around the facility or Work from Home (WFH) environment. Capable of using a telephone, computer keyboard, and mouse. Ability to lift up to 10 lbs. Environmental Conditions Work-from-home (WFH) environment. American Specialty Health is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to sex (including pregnancy, childbirth, related medical conditions, breastfeeding, and reproductive health decision-making), gender, gender identity, gender expression, race, color, religion (including religious dress and grooming practices), creed, national origin, citizenship, ancestry, physical or mental disability, legally-protected medical condition, marital status, age, sexual orientation, genetic information, military or veteran status, political affiliation, or any other basis protected by applicable local, federal or state law. Please view Equal Employment Opportunity Posters provided by OFCCP here. If you are a qualified individual with a disability or a disabled veteran, you have the right to request an accommodation if you are unable or limited in your ability to use or access our career center as a result of your disability. To request an accommodation, contact our Human Resources Department at (800) 848-3555 x6702. ASH will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the Company’s legal duty to furnish information. #LI-Remote #InfoSec #Engineer #Security #Information #OWASP Apply To This Job