Application Security Engineer - Chicago at Collective Health

Sorry, this job was removed at 1:05 p.m. (CST) on Thursday, December 19, 2019

Our security team at Collective Health is at the heart of the company’s success. We spend a lot of time actively working with the broader community instead of opposing them, and we find that it pays off in spades. As part of the security team you’ll be responsible for ensuring the success of a collaborative security pipeline we’ve built out, and you’ll actively encourage and promote the internal security SDLC we have here.

Responsibilities
  • Augmenting our Continuous Integration and Continuous Deployment pipeline to include better security controls
  • Perform code audits on internal and open source libraries for inclusion in our products
  • Assist in the architecting of new products, features and capabilities
  • Partner with stakeholders from the various teams we have here in order to ensure good security outcomes
  • Perform application vulnerability assessments and penetration testing on core applications and 3rd party solutions
  • Provide detailed explanations of the security issues found and ensure appropriate explanations are provided and remediations are performed according to the SLA
  • Provide technical leadership and mentorship on security topics
  • Contribute to the security industry through open source software, research, white papers or presentations
Minimum Qualifications
  • Experience programming in one or more of the following languages: Python, Go or Java
  • Experience working with cloud networks (AWS, GCP, DO, Azure)
  • Experience with common attack scenarios in various common layers within our infrastructure (cloud-based issues, code quality, insider threat, etc)
  • Deep understanding of information security principles
  • Practical experience conducting web application security reviews and moderate knowledge in network-based penetration testing
Desired Qualifications
  • Understanding of a wide range of application based vulnerability classes (ex: SQLi, XSS)
  • Strong scripting experience and moderate programming experience in the security field (custom tools, workflows etc)
  • Well versed with Application security principles and architectural best practices
  • Knowledge and awareness of building threat and risk models for an application suite
  • Ability to perform secure code review and translate findings into remediation patterns
  • Published work in the vulnerability research or information security field

Collective Health is a technology company working to create the healthcare experience we all deserve. Founded in 2013, our team of engineers, designers, product managers, and actuaries are redefining the $1 trillion market of employer-sponsored health benefits with data-driven and people-focused products. Our complete health benefits solution helps great companies like Activision Blizzard, Palantir, Restoration Hardware, and Pinterest take care of their people by harnessing the power of design and technology. Based in San Francisco, CA, we’re backed by some of the best investors in Silicon Valley including Google Ventures, Founders Fund, NEA, and Redpoint Ventures. For more information, visit us at https://www.collectivehealth.com.

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

  • Maintain and audit IT Infrastructure security
  • Lead IT infrastructure integrations with partners from a security perspective
  • Oversee and collaborate with team members, understand their processes and workflows, prioritize their ideas and innovations and develop improvements to ensure successful execution.
  • Maintain awareness of threat intelligence industry security threats and lead management of security incidents
  • Lead technical security experts in the augmentation of our Continuous Integration (CI) pipeline to include security testing; collaborate with stakeholders on overall CI/CD vision and implementation strategy
  • Oversee execution of code audits on internal and open source libraries for inclusion in our products
  • Assist in the architecture of new products, features, and capabilities

If many or most of the following items apply to you, we'd love to talk!

  • 5+ years of experience in a regulated organization (e.g. HIPAA compliance - pharma, biotech, health insurance)
  • 3-5+ years building or running technical security teams
  • Experience as an accountable “Security Officer” of a regulated environment or organization (e.g. FISMA, HIPAA, PCI-DSS)
  • Hands on technical and/or development expertise in Application or Product Security domains including:
    • 2+ years Static and Dynamic Analysis Techniques management experience (developing models or executing analysis tooling)
    • 2+ years of Java, Ruby, Go, or Python Software Application development management experience
    • 3+ years of Web application vulnerabilities discovery or detection management
  • Deep understanding of information security principles
  • Ability to work effectively and influence groups throughout the organization.
  • Relevant network and network security experience (OSI model, firewalls, 802.1x, IPS, IDS, VPN)
  • Relevant systems security experience (HIDS, system hardening, cgroups etc)
  • Experience automating security incident event monitoring infrastructure

You get extra bonus points for:

  • You have contributed to and maintained open source projects
  • Experience working with Public Cloud Services (AWS, Azure, etc)
  • Familiarity with Service Oriented Architecture and/or micro-services based architecture
  • Familiarity with container-based infrastructure orchestration (e.g. Docker, Kubernetes, Mesos)
  • Experience with NIST security frameworks
  • Experience working in Healthcare, Financial, or other regulated environment
  • Experience with breaking encryption, authentication, or authorization system flows




Technology we use

  • Engineering
  • Product
    • Golang (Languages)
    • Java (Languages)
    • Python (Languages)
    • React (Libraries)
    • AngularJS (Frameworks)
    • Node.js (Frameworks)
    • Spring (Frameworks)
    • PostgreSQL (Databases)
    • Google Analytics (Analytics)
    • Piwik (Analytics)
    • Sketch (Design)
    • Confluence (Management)
    • JIRA (Management)

Location

Located right in the heart of River North by the Red, Brown, and Purple CTA lines, with countless nearby restaurants and entertainment options.

An Insider's view of Collective Health

What’s the vibe like in the office?

The vibe here in the Chicago office is one of chill focus. For the most part, you'll hear the tapping of keys and some soft conversation, with the occasional bubbling over of laughter. We like to get our work done here, but we love getting to know one another. We're always happy to step away for a chat over coffee or a game of foosball.

Marc

Software Engineer

What does your typical day look like?

Daily work as an SRE includes anything that increases the reliability and stability of the Collective Health platform to make sure our customers have the best experience possible. Everything from huge cross-team initiatives like migrating to Kubernetes to really deep dives troubleshooting issues is possible - and I choose projects that interest me!

Katie

Site Reliability Engineer

How does the company support your career growth?

People here really root for each other’s growth professionally and personally, and they show it by working alongside you to help you do more than you thought you could. We make sure there is space to learn as you work and try new things, and when you do well with them, you get concretely recognized for it.

Hannah

Software Engineer

How do you empower your team to be more creative?

We strive to foster a psychologically safe culture in order to feel free to share all our ideas, allowing even crazy whims and hunches to be molded and shaped by in-depth discussion and collaboration until they reach their full potential. No question is a stupid one, and we all have valuable input.

Matt

Software Engineer

What are some social events your company does?

From the vaguely familiar whirlyball to the always-embarrassing karaoke happy hour, we like to keep things fun and not take ourselves too seriously. We’ve even subjected ourselves to a hot sauce eating challenge, just for fun. Our team also has a regular “game night” where we play anything from Settlers of Catan to Mario Kart.

Patrick

Senior Product Manager

What are Collective Health Perks + Benefits

Collective Health Benefits Overview

We pay 100% of employee premiums for medical, dental, and vision plans. We also offer a wellness stipend, flexible time off, help with your commute, life insurance, a retirement plan, and plenty of perks to keep you happy, healthy, and engaged.

Culture
  • Volunteer in local community
  • Friends outside of work
  • Eat lunch together
  • Daily stand up
  • Team owned deliverables
  • Team based strategic planning
  • Group brainstorming sessions
  • Pair programming
  • Open office floor plan
Health Insurance & Wellness Benefits
  • Flexible Spending Account (FSA)
  • Dental Benefits
  • Vision Benefits
  • Health Insurance Benefits
  • Life Insurance
  • Wellness Programs
Retirement & Stock Options Benefits
  • 401(K)
  • Company Equity
Child Care & Parental Leave Benefits
  • Generous Parental Leave
  • Flexible Work Schedule
  • Family Medical Leave
  • Company sponsored family events
Vacation & Time Off Benefits
  • Unlimited Vacation Policy
  • Paid Holidays
  • Paid Sick Days
Perks & Discounts
  • Casual Dress
  • Commuter Benefits
  • Company Outings
  • Free Daily Meals
  • Game Room
  • Stocked Kitchen
  • Happy Hours
  • Relocation Assistance
  • Fitness Subsidies
Professional Development Benefits
  • Diversity Program
  • Lunch and learns
  • Cross functional training encouraged
  • Promote from within
  • Mentorship program