Staff Application Security Engineer

Summary

Join Kyruus Health as a Staff Application Security Engineer and champion application security strategies across our product portfolio for payers, providers, and medical groups. Lead security assessments, penetration testing, and code reviews, while mentoring other engineers and fostering a culture of continuous learning. Drive the implementation and enhancement of our Secure SDLC, ensuring security is integrated throughout the development lifecycle. Effectively communicate complex security concepts and risks to various audiences, including senior management. Leverage your expertise to design and implement secure coding standards and guidelines, and introduce improvements based on fact-based analysis or benchmarking. Exercise independent judgment and ownership, prioritizing and delivering on commitments efficiently. React quickly to changing priorities and exhibit mental fortitude when facing challenges.

Requirements

• 8+ years of experience within application security, information security
• Deep understanding of regulatory compliance standards, such as GDPR, HIPAA, PCI-DSS, or ISO 27001, and experience in leading the implementation and maintenance of compliance programs
• Has comprehensive knowledge of security principles, technologies, and best practices, including encryption, authentication, SAST, DAST, SCA, and secrets scanning
• Knowledge of security principles, technologies, and best practices, including firewalls, web application firewalls, intrusion detection/prevention systems, and incident response
• Understanding of security testing tools and techniques, such as vulnerability scanning, penetration testing, and secure code analysis
• Understanding of cloud platforms (AWS, Azure, or Google Cloud) and their security features, best practices, and configurations, including hybrid and multi-cloud environments
• Ability to provide thought leadership and strategic direction in application security, balanced with the ability to lead security assessments, penetration testing, and code reviews
• Exceptional analytical and problem-solving skills, with the ability to identify and address complex security risks and develop innovative, comprehensive mitigation strategies
• Strong project management skills, with the ability to plan, execute, and monitor security projects and initiatives, effectively prioritizing based on risk and business impact
• Excellent communication and collaboration skills, enabling effective interaction with both technical and non-technical stakeholders
• Experience in mentoring, coaching, and developing less experienced team members, building a strong team culture and fostering collaboration across the organization

Responsibilities

• Lead and champion the Kyruus Health strategy for Application Security as it relates to our product portfolio for Payers, Providers, and Medical Groups
• Act as the internal expert, leading key outcomes and solutions within application security
• Effectively communicate with and influence senior stakeholders and all organizational levels, providing expert guidance on complex application security challenges
• Influence and drive security initiatives across the organization, contributing to the overall organizational security strategy
• Leverage your deep understanding of application security architecture and design principles to design and implement secure coding standards and guidelines
• Provide expert security guidance to development teams, ensuring security is baked in from the ground up
• Lead complex security assessments and penetration testing engagements, performing in-depth code reviews and basic skills in threat modeling and risk assessment
• Proactively monitor relevant threat intelligence and communicate critical findings to the Information Security Team and other stakeholders
• Drive the implementation and enhancement of our Secure SDLC, ensuring security is integrated seamlessly throughout
• Mentor other application security engineers, as well as software engineers, fostering a culture of continuous learning and growth
• Develop and deliver tailored security training and awareness programs, specifically focused on AppSec best practices, to various audiences across the organization
• Effectively communicate complex security concepts, risks, and recommendations to various audiences, including senior management
• Leverage your understanding of security governance, risk, and compliance (GRC) to ensure our applications meet rigorous security standards
• Introduce improvements based on fact-based analysis or benchmarking, leading to higher levels of performance
• Demonstrate in-depth knowledge of security best practices and industry standards, consistently challenging the status quo to accelerate disruption and foster an environment where innovation and calculated risks are encouraged
• Exercise independent judgment in methods and techniques, creating formal networks for cross-group coordination
• Positively and productively own failures, displaying ownership for others to witness, and prioritize and deliver on commitments efficiently to build trust with stakeholders
• React quickly, synthesize diverse feedback, and align relevant stakeholders to urgent, ever-changing priorities
• Exhibit mental fortitude and grit, maintaining passion, perseverance, and consistency when facing adversity and difficult challenges

Benefits

• Medical, dental, and vision benefits
• Unlimited paid time off (PTO)
• Generous paid parental leave
• A home office stipend
• 401(k) program with company match
• A wellness and lifestyle program
• Annual bonus program
• Equity