Application Security Engineer - Chicago

Sorry, this job was removed at 1:05 p.m. (CST) on Thursday, December 19, 2019

Our security team at Collective Health is at the heart of the company’s success. We spend a lot of time actively working with the broader community instead of opposing them, and we find that it pays off in spades. As part of the security team, you’ll be responsible for ensuring the success of a collaborative security pipeline we’ve built out, and for actively encouraging and promoting the internal security SDLC we have here.

Responsibilities

  • Augmenting our Continuous Integration and Continuous Deployment pipeline to include better security controls
  • Perform code audits on internal and open source libraries for inclusion in our products
  • Assist in the architecting of new products, features and capabilities
  • Partner with stakeholders from the various teams we have here in order to ensure good security outcomes
  • Perform application vulnerability assessments and penetration testing on core applications and 3rd party solutions
  • Provide detailed explanations of the security issues found and ensure remediations are performed according to the SLA
  • Provide technical leadership and mentorship on security topics
  • Contribute to the security industry through open source software, research, white papers or presentations

Minimum Qualifications

  • Experience programming in one or more of the following languages: Python, Go or Java
  • Experience working with cloud networks (AWS, GCP, DO, Azure)
  • Experience with common attack scenarios in various common layers within our infrastructure (cloud-based issues, code quality, insider threat, etc.)
  • Deep understanding of information security principles
  • Practical experience conducting web application security reviews and moderate knowledge in network-based penetration testing

Desired Qualifications

  • Understanding of a wide range of application-based vulnerability classes (e.g., SQLi, XSS)
  • Strong scripting experience and moderate programming experience in the security field (custom tools, workflows, etc.)
  • Well versed in application security principles and architectural best practices
  • Knowledge of building threat and risk models for an application suite
  • Ability to perform secure code review and translate findings into remediation patterns
  • Published work in the vulnerability research or information security field

Collective Health is a technology company working to create the healthcare experience we all deserve. Founded in 2013, our team of engineers, designers, product managers, and actuaries are redefining the $1 trillion market of employer-sponsored health benefits with data-driven and people-focused products. Our complete health benefits solution helps great companies like Activision Blizzard, Palantir, Restoration Hardware, and Pinterest take care of their people by harnessing the power of design and technology. Based in San Francisco, CA, we’re backed by some of the best investors in Silicon Valley including Google Ventures, Founders Fund, NEA, and Redpoint Ventures. For more information, visit us at https://www.collectivehealth.com.

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

  • Maintain and audit IT Infrastructure security
  • Lead IT infrastructure integrations with partners from a security perspective
  • Oversee and collaborate with team members, understand their processes and workflows, prioritize their ideas and innovations and develop improvements to ensure successful execution.
  • Maintain awareness of threat intelligence and industry security threats, and lead management of security incidents
  • Lead technical security experts in the augmentation of our Continuous Integration (CI) pipeline to include security testing; collaborate with stakeholders on overall CI/CD vision and implementation strategy
  • Oversee execution of code audits on internal and open source libraries for inclusion in our products
  • Assist in the architecture of new products, features, and capabilities

If many or most of the following items apply to you, we'd love to talk!

  • 5+ years of experience in a regulated organization (e.g., HIPAA compliance: pharma, biotech, health insurance)
  • 3-5+ years building or running technical security teams
  • Experience as an accountable “Security Officer” of a regulated environment or organization (e.g. FISMA, HIPAA, PCI-DSS)
  • Hands-on technical and/or development expertise in Application or Product Security domains including:
    • 2+ years Static and Dynamic Analysis Techniques management experience (developing models or executing analysis tooling)
    • 2+ years of Java, Ruby, Go, or Python Software Application development management experience
    • 3+ years of Web application vulnerabilities discovery or detection management
  • Deep understanding of information security principles
  • Ability to work effectively and influence groups throughout the organization.
  • Relevant network and network security experience (OSI model, firewalls, 802.1x, IPS, IDS, VPN)
  • Relevant systems security experience (HIDS, system hardening, cgroups, etc.)
  • Experience automating security incident event monitoring infrastructure

You get extra bonus points for:

  • Contributing to and maintaining open source projects
  • Experience working with Public Cloud Services (AWS, Azure, etc.)
  • Familiarity with Service Oriented Architecture and/or microservices-based architecture
  • Familiarity with container-based infrastructure orchestration (e.g. Docker, Kubernetes, Mesos)
  • Experience with NIST security frameworks
  • Experience working in Healthcare, Financial, or other regulated environment
  • Experience with breaking encryption, authentication, or authorization system flows


Location

Located right in the heart of River North by the Red, Brown, and Purple CTA lines, with countless nearby restaurants and entertainment options.
