Application Security Engineer

Summary

Join RxSense, a leading healthcare technology company, as an Application Security Engineer and play a vital role in assessing and managing application security risks. This mid-tier position within the Information Security team requires collaboration with development and product teams to define and enforce security requirements, remediate vulnerabilities, and perform security testing. You will also conduct penetration tests, analyze security logs, manage web application firewalls, and interpret SAST results. The ideal candidate possesses 3+ years of application security experience, a strong understanding of web application architecture, and excellent communication skills. RxSense offers a competitive salary and a dynamic work environment.

Requirements

• BS in Information Systems preferred but appropriate experience is acceptable
• 3+ years of experience in application security is required
• Must have the ability to identify, analyze and solve security risks pragmatically
• Familiarity with web application architecture, APIs, and cloud environments
• Experience with security standards and frameworks, such as OWASP, NIST, or CIS
• Practical understanding of common application security vulnerabilities
• Excellent problem-solving and analytical skills with demonstrated ability to investigate and solve complex problems
• Excellent communication skills are needed with demonstrated ability to work with multiple organizational functions and levels

Responsibilities

• Work with development and product teams to define security requirements and ensure they are followed
• Partner with development and product teams to drive remediation of security gaps
• Coordinate 3rd party penetration tests and work with internal teams to remediate findings
• Perform architecture and design reviews on company applications
• Monitor and analyze application security logs and events to detect and respond to security threats
• Perform monitoring and management of Web Application Firewall
• Interpret and manually validate Static Application Security Testing (SAST) results
• Manage SAST, SCA and DAST tools to ensure comprehensive testing and remediation of findings
• Analyze and report on risks discovered through application security testing
• Participate on project teams as InfoSec representative
• Ability to quickly adapt to changing priorities as business needs change
• Excellent interpersonal and communication skills a must

Preferred Qualifications

• Knowledge and experience with techniques, tools and practices pertaining to securing the SDLC (Software Development Lifecycle)
• Experience with software development, programing, scripting
• Experience with OWASP ZAP or Burp Proxy
• Experience with static application security testing tools
• Knowledge and experience with implementing and managing web application firewalls
• High level understanding of securing Cloud Platforms, AWS and GCP, cloud architecture
• Although the position is in application security domain, a broad interest/experience across the whole security domain would be an advantage
• Certifications a plus; GWAPT, GWEB, CISSP, etc

Benefits

Salary Range: $120,000 - $135,000