Lead Application Security Engineer (virtual remote)
Humana
Remote
February 10, 2023
Humana
Louisville, KY
The Lead application security engineer ensures that every step of the software development lifecycle follows security best practices. They are responsible for adhering to and promoting secure coding principles and testing applications against security risks and parameters prior to release.
In this role, you will conduct code vulnerability assessments using automated tools. The role will be responsible for configuring and updating tools and rulesets for SAST, DAST, Open Source (SCA), and IaC platforms.
In this role you will be a key player in helping the DevSecOps team enable new capabilities as we transition from Checkmarx hosted on premises to the CheckmarxONE SaaS solution.
Responsibilities
Tasks for this role include:
Help development teams transition projects and settings from Checkmarx to CheckmarxONE
Work with development teams to educate them on new capabilities offered by CheckmarxONE (New SAST capabilities, DAST, SCA and IaC)
Work closely with development teams to provide vulnerability remediation guidance
Analyze source code and provide false positive analysis
Help manage access to CheckmarxONE platform (User access and roles)
Understand and help manage vulnerabilities related to Open Source components
Required Qualifications
Bachelor's Degree in Computer Science or related field
At least 5 years’ experience with exposure to SAST, DAST, and Open Source tools
Knowledge of OWASP top 10 vulnerability categories and risk remediation
Comfortable providing remediation advice to developer teams
Comfortable analyzing code in a variety of programming languages, primarily .NET Core, MVC, C#, NodeJS, Java, etc.
Experience with Azure DevOps, GIT, CI/CD, TDD, and Automated Build Processes
Experience with Cloud Technologies (Azure, GCP, AWS, etc.)
Experience with DevSecOps, Software Development Life Cycle (SDLC), Agile (Scrum/Kanban)
Excellent communication skills, with the ability to influence others and navigate complex organization structures and processes
Exceptional analytical and problem-solving skills
Preferred Qualifications
Experience with SAST, DAST and Open Source software, tools and vulnerability management
Development experience in one or more of the following languages: .NET Core, MVC, C#, NodeJS, Java
Humana and its subsidiaries require vaccinated associates who work outside of their home to submit proof of vaccination, including COVID-19 boosters. Associates who remain unvaccinated must either undergo weekly negative COVID testing OR wear a mask at all times while in a Humana facility or while working in the field.
Remote/WAH requirements:
WAH requirements: Must have the ability to provide a high speed DSL or cable modem for a home office. Associates or contractors who live and work from home in the state of California will be provided payment for their internet expense.
A minimum standard speed for optimal performance of 25x10 (25 Mbps download x 10 Mbps upload) is required.
Satellite and Wireless Internet service is NOT allowed for this role.
A dedicated space lacking ongoing interruptions to protect member PHI / HIPAA information
Scheduled Weekly Hours
40