HealthEquity, Inc.

  • Cloud Application Security Engineer

    Job Locations US-UT-Draper | US-UT-Draper
    Category
    Software Development and Delivery
  • Overview

    We are BUILDING HEALTH SAVINGS. Come be part of remarkable.

     

    How you can make a difference

     

    We are looking for a passionate Cloud Application Security Engineer to join our team in Draper, Utah. Your primary focus is to ensure that the HealthEquity Technology platform is secure by design and to guide software delivery teams. You will be a key contributor to direct security architecture and design for a talented engineering team working closely with the business team to deliver value. You will work closely with all scrum teams, and information security to deliver high quality, high-value company initiatives. You’ll have an integral part in helping HealthEquity enhance its platform to secure our members and partners data, reduce costs, increase revenue and improve system scalability.

     

    What you’ll be doing

    • Working closely with agile software development teams during the design and development process to guide secure feature design and secure coding practices
    • Developing application threat models for web, mobile, microservices, and public API’s and mitigation strategies for securing our technologies
    • Teaching scrum teams how to develop and maintain feature level threat models and mitigate the vulnerabilities
    • Conducting static and dynamic code analysis using industry standard tools
    • Performing manual and automated code reviews
    • Developing, and teaching, secure coding standards and practices
    • Participate in pen testing activities and help the teams mitigate vulnerabilities
    • Work closely with development teams to ensure security at each layer of microservices/container development
    • Be the point of contact for helping teams with Threat Models, Risk Ratings, Security mitigations, and ability to talk through these conversations as a teacher
    • Participate in the grooming of the SDL on an annual basis or when needed
    • Design and participate in the annual security training held for the Engineering departments
    • Be an active participant for the Security Guild as a trainer, advisor, and a leader of the meetings
    • Work with developers and Technical Security to ensure vulnerabilities are identified and remediated within the development pipeline

     

    What you will need to be successful

    • Bachelor’s degree in Computer Science, Computer Engineering, or other Engineering Discipline is preferred
    • 5+ years of experience directly involving the design of secure application features and design patterns for enterprise class .NET based Web Applications
    • Demonstrated knowledge developing system and application threat models for enterprise applications and designs to mitigate high risk application threats
    • Experience training development teams to develop their own application threat models
    • Knowledge of OWASP top 10, OWASP API top 10, and related exploitation techniques, including but not limited to cross-site scripting, SQL injections, session hijacking and insecure direct object references, to obtain controlled access to target systems and mitigating factors for these instances
    • Strong understanding of implementing secure web services and identifying vulnerabilities in REST and legacy web services
    • Experience with commercial dynamic and static application scanning tools (DAST)
    • Significant experience performing code reviews to instill understanding of good design principals in other team members
    • Strong understanding of SOLID software design and implementation principles
    • Strong understanding of 12 factor application architectures
    • Advanced C# Development Skills
    • Advanced Cloud development, .NET Core, ASP.Net, MVC 5, and Web API skills
    • Certifications preferred CEH, OSCP, GWAPT, LPT or ECSA
    • Certifications desired CIISP, CSSLP, and GSSP

     

    Benefits and perks

    • Medical, Dental, Vision
    • 401(k) match
    • Paid Maternity/Paternity leave
    • Ongoing education 
    • Tuition Assistance
    • Gym/Fitness Reimbursement
    • Purple with Purpose (paid volunteer time off)
    • HSA contribution and match
    • On site Lunch and Learns
    • Award winning Wellness Program
    • Consumer Driven Healthcare (CDH) education

    Why work for HealthEquity

    HealthEquity has a vision that by 2030 we will make HSAs as wide-spread and popular as retirement accounts. We are passionate about providing a solution that allows American families to connect health and wealth and build health savings for life. Through our innovative technology and superior service delivery, our members gain valuable insights to better save and spend their healthcare dollars.

     

    We firmly believe that our team members drive the success of this company. We hire passionate contributors who enjoy the thrill of pioneering their positions to their full potential. Join us and discover a work experience where the person is valued more than the position, and where are our purple culture drives a remarkable experience.

     

    Our advice to you

    HealthEquity is fiercely focused on hiring passionate individuals to contribute to our purple culture. If you speak passion, excellence, service, ambition, fun… we want to speak with you! We believe that your personality is as important as your experience and qualifications so when we do have the opportunity to speak together, be authentic, be genuine, be you! Showcase your experience and your passion.

     

    HealthEquity, Inc. is a proud promoter of equal opportunities for training, compensation, transfer, promotion, and other aspects of employment for all qualified applicants and employees. HealthEquity, Inc. support Equal Employment Opportunities without regard to sex, race, color, religion, national origin, age, disability, sexual orientation or veteran status when hiring – under federal, state and local laws.

     

    Options

    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed