Humana Lead Application Security Engineer (virtual remote home office eligible) in Sandy, Utah
The Senior Application Security Engineer will lead, consult and recommend solutions on matters relating to Application Security within IT Solutions Engineering. This role will be responsible for the definition of the security architecture and enablement to be implemented. This is a role focused on automation, process and necessary tools to support Secure SDLC for Humana’s fast-paced application development environment and technology operations. The role requires a grasp of application security principles and practices and a background working in an application development and coding environment within a large enterprise.
Build a very close working relationship with DevOps, application development and QA teams.
Determine security requirements by evaluating business strategies and requirements; researching information security standards; conducting system security and vulnerability analyses and risk assessments
Maintain documentation related to Application Security including the development of secure coding policies, procedures and standards, modification of the Software Development Life Cycle (SDLC) to include necessary security checkpoints, code review methodologies, etc.
Designing system and security controls
Creating security policies and standards
Researching new security technologies and their application to the corporate environment
Ensuring all acquired or developed systems are consistent with the solution engineering and security architecture guidelines
Defining and documenting how the implementation of a new system or interface impacts the security posture of the current environment
Planning system implementation to ensure that all system components are integrated and aligned
Documenting and addressing the organization’s information security, architecture and systems security engineering requirements throughout the development lifecycle
Performing security reviews, identifying gaps in security architecture and design
Bachelor’s Degree in Information Technology, Computer Science or a related field
Six+ years of experience designing, developing, and testing of software applications and/or infrastructure
Understanding of application threat modelling and SDLC security practices
Experience in developing secure code and application security standards
Experience conducting application security testing and source-code reviews
Experience with risk-based testing and/or manual assessment
Applied knowledge of healthcare industry
Experience with the technologies in use in the application(s) or infrastructure
Master’s Degree in Computer Science, Information Technology or a related field
Experience performing web vulnerability assessments, application penetration testing and using penetration testing methodologies including the use of forensic tools/methods
Experience creating source code per OWASP or other secure coding guidelines
Experience exploiting OWASP vulnerabilities and executing arbitrary code to test processes
Experience with cryptographic techniques such as cryptographic algorithms, key management and rotation processes, and secure key storage
Experience with developing enterprise-wide secure code testing strategy
Certifications: CISSP (Certified Information System Security Professional); CEH (Certified Ethical Hacker); GSEC; ISTQB (foundation, agile, test manager, test analyst, tech test analyst, etc.)
Experience with SAST and DAST technologies including IBM AppScan, CheckMarx, Secure Assist, NowSecure, Burp Suite
Equal Opportunity Employer
It is our policy to recruit, hire, train, and promote people without regard to race, color, religion, sex, national origin, age, sexual orientation, gender identity or expression, disability, or veteran status, except where age, sex, or physical status is a bona fide occupational qualification. View the EEO is the Law poster.
If you are an individual with a disability and require a reasonable accommodation to complete any part of the application process, or are limited in the ability or unable to access or use this online application process and need an alternative method for applying, you may contact email@example.com for assistance.
Humana Safety and Security
Humana will never ask or require a candidate to provide money for work equipment and network access during the application process. If you become aware of any instances where you as a candidate are asked to provide information and do not believe it is a legitimate request from Humana or an affiliate, please contact firstname.lastname@example.org to validate the request.