Manager, Application Security - Remote

<strong>At Emergent Holdings, we&rsquo;re creating an innovative environment where our employees belong authentically, contribute meaningfully, and thrive intentionally &mdash; both personally and professionally.</strong>

United States, USA

Emergent Holdings

<p class="p1"><strong>Emergent Holdings is driven by a singular goal &mdash; improving the health and safety of our customers and our communities. How do we do that? We create innovative insurance products, technology solutions, and services to support our key stakeholders &mdash; individuals, employers, providers, and strategic partners &mdash; improving the health and safety of the people and places we serve.</strong></p>

keywords: summary,job description,work environment,code,develop,security,solutions,direction exercised,education,experience,proficiency,knowledge,technical,skills

Mid-level Manager

Competitive Compensation and Benefits Package

Overview: <br /> <p>The EHI Security team is responsible for the code-level security of Emergent Holdings entities. We perform this mission via finding, fixing, and preventing security flaws across the applications supporting our clients. We lead and run programs that eliminate security bugs in code. Beyond simply pointing out issues, we solve problems through close partnership with application teams and within our secure framework methodology. We are looking for a leader with strong leadership skills, a background in product/application security, and a passion for collaboration and remediation of code vulnerabilities in a fast-paced environment.<br /><br /></p> <p><strong>WORKING CONDITIONS:</strong></p> <p>Work is performed in an office setting (or home office if remote) with no unusual hazards.</p>
Responsibilities: <br /> <ul> <li>Conduct application security architecture reviews on new and existing applications and offer plans for remediation</li> <li>Scanning customer source code, auditing results with development, and offering plans for remediation of vulnerabilities</li> <li>Azure and AWS Cloud application threat mitigation for web applications</li> <li>Code scanning and vulnerability assessment experience</li> <li>Work with enterprise architects and developers to design optimal security practices when developing new application functionality</li> <li>Advanced to expert level knowledge and understanding of architecture, application design, systems engineering, and cloud applications</li> <li>Interpret business requirements and functional specifications to recommend security requirements</li> <li>Communicate technical application security concepts to customer staff, including developers, architects, and managers</li> <li>Work with development and QA teams to ensure the use of secure coding practices and verification methods</li> <li>Act as a Subject Matter Expert in the discovery and investigation of critical security vulnerabilities as required</li> <li>Conduct manual application security testing and source code auditing for a variety of technologies and code-types</li> <li>Experience working in an Agile environment</li> <li>Ensure new system builds entail appropriate security packages, tools, logging, and monitoring applications are configured properly</li> <li>Provide detailed risk and remediation guidelines, as well as perform remediation activities where applicable</li> </ul> <br /> <p><strong>DIRECTION EXERCISED:</strong></p> <ul> <li>Directly supervises exempt and non-exempt staff in accordance with company policies and applicable Federal and State Laws.&nbsp;</li> <li>Responsibilities include but are not limited to effectively interviewing, hiring, terminating, and training employees; planning, assigning, and directing work; appraising performance; rewarding and counseling employees; addressing complaints and resolving problems; supporting and encouraging the engagement process.</li> </ul>
Requirements: <br /><br /> <p><strong>EDUCATION:</strong></p> <ul> <li>Bachelor&rsquo;s degree in Computer Science, Information Security, or related field.</li> <li>Relevant combination of education and experience may be considered in lieu of degree.</li> <li>Continuous learning as defined by the Company&rsquo;s learning philosophy is required.&nbsp;</li> <li>Professional security management certification such as CISA, CISM, CISSP is preferred.</li> </ul> <br /> <p><strong>EXPERIENCE:</strong></p> <ul> <li>Eight years of experience in architecture or security management with expertise in applying secure software development methods within system development lifecycle efforts.&nbsp;</li> <li>Experience conducting security code review, threat modeling, or application penetration assessments.</li> <li>Experience in interfacing with multiple information technology application and infrastructure development and support areas within an enterprise.</li> <li>Experience in reviewing healthcare-related information system technical controls for adherence to CMS (Centers for Medicare &amp; Medicaid Services), HIPAA-HITECH, HITRUST, and ISO 27002 security requirements preferred.</li> </ul> <p>&nbsp;</p> <p><strong>SKILLS/KNOWLEDGE/ABILITIES (SKA) REQUIRED:</strong></p> <ul> <li>Knowledge of software development concepts and methodologies</li> <li>Highly motivated, competitive, entrepreneurial, and attracted to challenging opportunities</li> <li>Demonstrated ability to work in a fast-paced environment where organizational skills are essential</li> <li>Demonstrated strong problem solving, analytical, interpersonal, and ownership skills</li> <li>Possess excellent collaboration skills with a wide variety of internal team members</li> <li>Ability to interact with technical managers and development teams to articulate requirements and processes while collaborating on design options, implementation, testing, and user acceptance.</li> <li>Knowledge of application security technical controls and common vulnerabilities.</li> <li>Competent in advanced communication skills including the ability to translate technical security concepts to business-oriented audiences</li> <li>Demonstrated ability to develop metrics, perform critical analysis, and develop executive decision support content.</li> <li>Competent in working within information technology service management frameworks such as ITIL</li> <li>Familiarity with network architecture and topologies</li> <li>Familiarity with APIs, web services (RESTful and SOAP), and SOA (Service Oriented Architecture)</li> <li>Demonstrated experience in one or more of the following database environments: Oracle 11g/12c or SQL Server 2008/10/14/16</li> <li>Demonstrated experience in one or more of the following operating system environments: Microsoft Windows Server 2008/10/12 or Redhat Linux ES 4/5/6</li> <li>Experience conducting security code reviews in one or more of the following languages: C#, ASP.NET, WCF</li> <li>Hands-on experience with one or more of the following: LDAP, ADAM, SSO, SAML, Active Directory</li> <li>Familiarity of Veracode platform, Internet Information Server (IIS), firewalls, iptables, whitelisting, and security groups</li> <li>Familiarity with Cloud and Hybrid Cloud/On-prem security models</li> <li>Familiarity with release management (and DevOps) of custom software</li> </ul>