Application Security Engineer

Job Locations: US-Remote

Overview

We are CONNECTING HEALTH AND WEALTH. Come be part of remarkable.

 

How you can make a difference  

We are looking for a passionate Application Security Engineer to join our team! Your primary focus is to ensure that the HealthEquity Technology platform is secure by design and to guide software delivery teams. You will be a key contributor directing security architecture and design for a talented engineering team working closely with the business team to deliver value. You will work closely with scrum teams and information security to deliver high-quality, high-value company initiatives. You’ll have an integral part in helping HealthEquity enhance its platform to secure our members’ and partners’ data, reduce costs, increase revenue and improve system scalability.

 

What you’ll be doing 

  • Working closely with agile software development teams during design and development phases to guide secure feature design and secure coding practices
  • Developing application threat models for web, mobile, microservices, and public APIs, along with mitigation strategies for securing our technologies
  • Teaching scrum teams how to develop and maintain feature level threat models and mitigate the vulnerabilities
  • Conducting static, dynamic, SCA and container vulnerability analysis using industry standard tools
  • Performing manual and automated code reviews
  • Developing and teaching secure coding standards and practices
  • Participating in pen testing activities and assisting teams in validating, remediating, and mitigating vulnerabilities
  • Working closely with development teams to ensure security at each layer of microservices and container development
  • Being the point of contact for helping teams with threat models, risk ratings, and security mitigations, with the ability to talk through these conversations as a teacher
  • Participating in the grooming of the Secure Development Lifecycle on an annual basis
  • Designing and delivering the annual security training held for the Engineering departments
  • Being an active participant in the Security Guild as a trainer, advisor, and leader of the meetings to build a culture of security throughout all engineering teams
  • Working with developers and Technical Security to ensure vulnerabilities are identified and remediated within the development pipeline
  • Reviewing build pipelines for best-practice security gates and controls
  • Working closely with development teams to improve security maturity throughout all phases of the SDLC

What you will need to be successful

  • Bachelor’s degree in Computer Science, Computer Engineering, or other Engineering Discipline is preferred
  • 5+ years of experience directly involving the design of secure application features and design patterns for enterprise class .NET based Web Applications
  • Demonstrated knowledge developing system and application threat models for enterprise applications and designs to mitigate high risk application threats
  • Experience training development teams to develop their own application threat models
  • Knowledge of OWASP top 10, OWASP API top 10, OWASP Mobile top 10, and related exploitation techniques, including but not limited to cross-site scripting, SQL injections, session hijacking and insecure direct object references, to obtain controlled access to target systems and mitigating factors for these instances
  • Strong understanding of implementing secure web services and identifying vulnerabilities in REST and legacy web services
  • Experience with commercial static, dynamic and SCA application scanning tools
  • Significant experience performing code reviews to instill understanding of good design principles in other team members
  • Strong understanding of SOLID software design and implementation principles
  • Strong understanding of two-factor application architectures
  • Advanced C#, Node.js, and/or Python Development Skills
  • Advanced Cloud development, .NET Core, ASP.NET, MVC 5, Python, and Web API skills
  • Certifications preferred: CCSP, CSSLP, ECSA, or CISSP
  • Certifications desired: AZ500, CEH, OSCP, GWAPT, LPT, or GSSP

 

This is a remote position.

Salary Range

$109,500.00 to $160,000.00 / year

Benefits & Perks

The compensation range describes the typical minimum or maximum base pay range for this position. The actual compensation offer is determined based on job-related knowledge, education, skills, experience, and work location. This position will be eligible for performance-based incentives as part of the total compensation package, in addition to a full range of benefits including:

  • Medical, dental, and vision
  • HSA contribution and match
  • Dependent care FSA match
  • Uncapped paid time off
  • Adventure accounts
  • Paid parental leave
  • 401(k) match
  • Personal and healthcare financial literacy programs
  • Ongoing education & tuition assistance
  • Gym and fitness reimbursement
  • Wellness program incentives

Come be your authentic self

Why work for HealthEquity 

HealthEquity has a vision that by 2030 we will make HSAs as widespread and popular as retirement accounts. We are passionate about providing a solution that allows American families to connect health and wealth. Join us and discover a work experience where the person is valued more than the position.

 

HealthEquity, Inc. is an equal opportunity employer that is committed to inclusion and diversity. We take affirmative action to ensure equal opportunity for all applicants without regard to race, age, color, religion, sex, sexual orientation, gender identity, national origin, status as a qualified individual with a disability, veteran status, or other legally protected characteristics. HealthEquity is a drug-free workplace. For more information about our EEO policy, or about HealthEquity’s applicant disability accommodation, drug-free-workplace, background check, and E-Verify policies, please visit our Careers page.

 

HealthEquity is committed to your privacy as an applicant for employment.  For information on our privacy policies and practices, please visit HealthEquity Privacy.
