Position Overview
As a Lead Application Security Engineer, you’ll be a vital member of our Security Team, dedicated to developing, implementing, and advocating for security integration within our software development lifecycle (SDLC). You’ll lead efforts in identifying, evaluating, and mitigating security risks related to application development and deployment, ensuring tour applications, services, and infrastructures are designed and implemented securely while aligning with industry best practices and meeting regulatory requirements.
About Center of Excellence:
Centers of Excellence (COE) are teams whose primary goal is to provide expertise in a specific field. COEs will usually provide support through training, research, and skilled leaders. In the case of HealthEdge, our Centers of Excellence incorporate the Human Resources, IT, Legal and Financial fields, all of which provide support to our Product divisions and allows the enterprise to move forward and achieve its goals.
Your Impact:
- As a lead, you have deep knowledge of what great looks like for an application security program. You can not only start with the end in mind, but you can help build consensus with stakeholders and develop a plan of action with associated milestones and successfully execute that plan. You can navigate autonomy effectively and drive programs and platforms that scale efficiently.
- Strategic Leadership: You'll contribute to developing and communicating a strategic vision for our global application security program. Alignment of application security initiatives and vulnerability management with business goals and our AI-first approach is key to our success.
- Program Design: You'll help design and implement a comprehensive application security program that encompasses vendor onboarding, continuous scanning, vulnerability identification, triage, and remediation. You’ll engage with development personnel, management, consultants, and other company personnel to effectively manage security risk objectives.
- Risk Management: Identifying and assessing application security risks and developing mitigation strategies to reduce those risks is a key skill set for this role. You'll have particular focus on AI/ML coding risks and emerging technology considerations. We are an AI-first company.
- Technology Integration: You'll evaluate and drive the implementation of advanced application security technologies, working closely with our Development, Product, and DevOps Teams to integrate application security controls into our SDLC.
- Automation: You'll leverage automation throughout our SDLC so we can optimize code vulnerability lifecycle management through integrated automation.
- Stakeholder Management: You'll build bridges throughout our organization, leading with education and building influence. As a senior technical contributor on our team, you'll foster a positive and fun environment with a strong emphasis on exceptional collaboration with our stakeholders.
What You Bring:
- Experience: At least 8+ years of experience as a developer or application security engineer.
- Expertise in analyzing system services, threat modeling, identifying issues in code, networks, and applications from a security perspective.
- You demonstrate advanced knowledge and ability to deploy tools, methodologies, and controls to reduce application security risk.
- Expertise in leveraging AI/ML vendor ecosystems to identify, triage, and remediate vulnerabilities in code.
- Strong decision-making capabilities and an ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.
- A solid understanding of application security frameworks, compliance frameworks/requirements (SOC 2, HITRUST, HIPAA), and AWS cloud security.
- Experience building a scalable and future-proofed application security program that embraces continuous monitoring and risk-based approaches to remediation.
- A proven ability to influence and drive change across an organization
- You’re high-energy, agile-minded, proactive, a direct communicator, highly organized and committed to the mission with the highest levels of integrity.
HealthEdge commits to building an environment and culture that supports the diverse representation of our teams. We aspire to have an inclusive workplace. We aspire to be a place where all employees have the opportunity to belong, make an impact and deliver excellent software and services to our customers.
Geographic Responsibility: While HealthEdge is located in Burlington, MA you may live anywhere in the US
Type of Employment: Full-time, permanent
Work Environment: The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job:
- The employee is occasionally required to move around the office. Specific vision abilities required by this job include close vision, color vision, peripheral vision, depth perception, and ability to adjust focus.
- Work across multiple time zones in a hybrid or remote work environment.
- Long periods of time sitting and/or standing in front of a computer using video technology.
- May require travel dependent on company needs.
- The above statements are intended to describe the general nature and level of the job being performed by the individual(s) assigned to this position. They are not intended to be an exhaustive list of all duties, responsibilities, and skills required. HealthEdge reserves the right to modify, add, or remove duties and to assign other duties as necessary. In addition, reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of this position in compliance with the Americans with Disabilities Act of 1990. Candidates may be required to go through a pre-employment criminal background check.
HealthEdge is an equal opportunity employer. We are committed to workforce diversity and actively encourage all qualified persons to seek employment with us, including, but not limited to, racial and ethnic minorities, women, veterans and persons with disabilities.
#LI-Remote