Application Security Engineer
Come for the mission. Stay for the experience.
Let’s keep things simple: we are an unbelievably talented, hard-working, and compassionate team driving towards a mission that impacts every single one of us - even you! Healthcare benefits are complex, underutilized, and a mystery for most users. We’re removing that complexity.
Our industry-leading technology solution puts a simplified benefits experience in the hands of users, saving them time and money. Since the start of the pandemic, we’ve created a COVID-19 resource center, helped members find testing and care, and made it even simpler to get telemedicine and mental health support to employees.
HealthJoy experienced explosive growth in 2020: we raised $30M in Series C funding, earned awards for Talent Culture’s Best HR Technology Leaders and Built In Chicago’s Best Places to Work, added 55+ key team members despite going totally remote, and so much more. This year, we continue down that path of high growth and high impact.
Your impact.
As an Application Security Engineer, you’ll Integrate DevSecOps tools as part of an agile team to achieve Continuous Integration and Continuous Deployment (CI/CD) applications. (DAST, IAST). You’ll also develop techniques to ensure development teams find flaws before they are introduced into production (SAST)
- Reduce vulnerabilities, malicious code, and other security issues in released software without slowing down code production and releases
- Mitigate the potential impact of vulnerability exploitation throughout the application lifecycle, including when the code is being developed and when the software is executing on dynamic hosting platforms
- Address the root causes of vulnerabilities to prevent recurrences, such as strengthening test tools and methodologies in the toolchain, and improving practices for developing code and operating hosting platforms
- Reduce friction between the development, operation, and security teams in order to maintain the speed and agility needed to support the organization’s mission while taking advantage of modern and innovative technology
Your experience.
- Knowledge with Python, or other modern programming languages and best coding practices surrounding their use
- Experience with GitLab/Github and CI/CD principles
- Experience with Docker/Kubernetes/Cloud Native, etc.
- Experience in Cloud infrastructure engineering and administration
- Familiarity with infrastructure as code (IaC) and configuration as code principles
- 2+ years implementing secure coding practices like OWASP Top 10
- 2+ years of experience securing applications via CI/CD pipelines leveraging static code analysis, unit and integration testing, dependency analysis, etc.
- Application Service Hardening (CIS, HITRUST, STIGS)
- Web Services Security (Oauth, JWT, OAUTH, SAML, MFA, 2FA, SSL/TLS)
Our rewards.
Work should be meaningful and rewarding.
HealthJoy offers a robust package of employee perks and benefits, including healthcare benefits (medical, dental and vision, EAP, and telemedicine), flexible PTO plan, 401k+match, parental leave, and HSA contribution match. We also provide our employees with a remote work stipend - to ensure you can work comfortably from home, host virtual-lunch-and-learns, ‘friendship time’ pairings, virtual coffee chats/happy hours, and quarterly team activities.
The best benefit of all? We use our own product. As an employee, you can rely on HealthJoy to feel confident about your own healthcare decisions and get the most out of your unique benefits plan.
HealthJoy is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or any other basis forbidden under federal, state, or local law.