We are CONNECTING HEALTH AND WEALTH. Come be part of remarkable.
How you can make a difference
We are looking for a passionate Application Security Engineer to join our team in Irving, Texas. You will be a key contributor to direct security architecture and design for a talented engineering team working closely with the business team to meet requirements. You will demonstrate your ability to work closely with scrum teams and information security to deliver high quality, high-value company initiatives that will help grow our leadership position in the industry. You’ll have an integral part in helping us enhance our platforms to reduce costs, increase revenue, improve system scalability and broaden the market to propel our growth. You’ll be accelerating the company growth by thinking beyond the norm and making a significant contribution to our corporate initiative of flawless execution.
What you’ll be doing
The primary focus of this position is to ensure that our platform is secure by design and to guide software delivery teams to achieve this goal. You will achieve this through the following:
- Act as liaison between Security and software development teams
- Have an Agile mindset; be value-focused and guided by the Lean-Agile principles.
- Work closely with agile software development teams during the design and development process to guide secure feature design and secure coding practices.
- Develop application threat models for web, mobile, and public APIs, and mitigation strategies for vulnerabilities identified.
- Teach scrum teams how to develop and maintain feature level threat models, and mitigate the vulnerabilities identified.
- Conduct static and dynamic code analysis using industry standard tools to support product release cycles.
- Perform manual and automated code reviews.
- Develop and teach secure coding standards and practices.
- Participate in Web / Mobile application security assessments and penetration testing on projects and/or releases; produce detailed risk reports with identified vulnerabilities and remediation recommendations.
- Evaluate, track, and ensure compliance of high and critical vulnerabilities; develop, maintain and update scorecards to reflect vulnerabilities and communicate to teams and team leaders.
What you will need to be successful
- Bachelor’s degree in Computer Science, Computer Engineering, or other Engineering Discipline; graduate degree is a plus.
- At least 5 years of experience directly involving the design of secure application features and design patterns for enterprise-class .NET-based Web Applications.
- Demonstrated knowledge developing system and application threat models for enterprise applications and designs to mitigate high risk application threats.
- Experience training development teams to develop their own application threat models.
- Knowledge of the OWASP Top 10 and related exploitation techniques, including but not limited to cross-site scripting, SQL injection, session hijacking and insecure direct object references, to obtain controlled access to target systems.
- Strong understanding of implementing secure web services and identifying vulnerabilities in legacy web services.
- Experience with commercial dynamic and static application scanning tools (SAST and DAST) like IBM's AppScan, HP Enterprise Fortify and Fortify on Demand.
- Nessus, Veracode, Checkmarx, Qualys, Burp Suite, WhiteHat Sentinel, Rapid7 AppSpider, JFrog Xray experience is a plus
- Experience working with automated scanning as triggered by a CI/CD pipeline plugin
- Experience with Cloud Technologies such as AWS, GCP, Azure is a plus
- SIEM tools, VMware, Databases (Oracle, MSSQL, or Equivalent).
- Significant experience performing teaching code reviews to instill understanding of good design principles in other team members
- Strong understanding of SOLID software design and implementation principles.
- Advanced C# Development Skills
- Advanced ASP.Net MVC 5 and Web API skills
- Familiarity with network and web application protocols (HTTP, HTTPS, TCP/IP, SAML 2.0, OAuth 2.0, REST APIs, etc.)
- Industry certifications preferred: CISSP, GWEB, GPEN, CEH, OSCP, GWAPT, LPT or ECSA
- Additional certifications desirable: CSSLP and GSSP
Benefits and perks
- Medical, Dental, Vision
- 401(k) match
- Paid Maternity/Paternity leave
- Ongoing education
- Tuition Assistance
- Gym/Fitness Reimbursement
- Purple with Purpose (paid volunteer time off)
- HSA contribution and match
- On site Lunch and Learns
- Award winning Wellness Program
- Consumer Driven Healthcare (CDH) education
Why work for HealthEquity
HealthEquity has a vision that by 2030 we will make HSAs as widespread and popular as retirement accounts. We are passionate about providing a solution that allows American families to connect health and wealth and build health savings for life. Through our innovative technology and superior service delivery, our members gain valuable insights to better save and spend their healthcare dollars.
We firmly believe that our team members drive the success of this company. We hire passionate contributors who enjoy the thrill of pioneering their positions to their full potential. Join us and discover a work experience where the person is valued more than the position, and where our purple culture drives a remarkable experience.
Our advice to you
HealthEquity is fiercely focused on hiring passionate individuals to contribute to our purple culture. If you speak passion, excellence, service, ambition, fun… we want to speak with you! We believe that your personality is as important as your experience and qualifications so when we do have the opportunity to speak together, be authentic, be genuine, be you! Showcase your experience and your passion.
HealthEquity, Inc. is a proud promoter of equal opportunities for training, compensation, transfer, promotion, and other aspects of employment for all qualified applicants and employees. HealthEquity, Inc. supports Equal Employment Opportunities without regard to sex, race, color, religion, national origin, age, disability, sexual orientation or veteran status when hiring – under federal, state and local laws.