Lead Application Security Engineer

Lead Application Security Engineer page is loaded

Apply locations Remote - MA time type Full time posted on Posted 2 Days Ago job requisition id R12418

Join us as we work to create a thriving ecosystem that delivers accessible, high-quality, and sustainable healthcare for all.

We are looking for a Lead Security Engineer to help increase the security capabilities of our teams. You will work closely with scrum teams, product managers, and engineering leadership to improve the quality and adoption of athena’s Security Development Lifecycle practices. But enough about us; let’s talk about you!

You are a curious problem solver with a passion for security. You love improving the quality and adoption of Security Development Lifecycle practices and you thrive working in technical leadership roles with a high degree of independence.

The Team: Join a collaborative group that solves new and interesting application security problems at scale. Use your security, engineering, and communication skills to make a difference with the company that allows medical professionals to focus on what they do best - treat patients.

Job Responsibilities:

• Responsible for socializing and driving the execution of key security best practices across the R&D organization.
• Contribute to enterprise security catalog of best practices, techniques and patterns to enable secure implementation of features in products/product families.
• Ensure organization effective use of application security tools (SAST, DAST, SCA, API active testing), including them into unified pipeline where relevant with the goal to prevent vulnerabilities from being introduced into the product features during the development lifecycle.
• Identify and explain feature level design or architectural weaknesses which could result in security issues.
• Partner with key stakeholders including enterprise security leadership to track and prioritize open issues and follow up on resolution.
• Work with key stakeholders like DevOps, Infrastructure, et al to build security hardened tech stacks that are used for development and production.
• Document, share, and help automate coverage for common abuse cases and attacks.

Typical Qualifications:

• Bachelor's degree in Computer Science, Computer Engineering, Cyber Security or similar or equivalent experience.
• At least 3 years experience as a software developer and 3-5 years in a security focused development role in an agile development environment.
• Experience in software and product design and architecture, product security, security issue prevention and mitigation strategies.
• Strong knowledge of programming languages - Java, JavaScript (NodeJS), C#, Perl, Python, etc. In addition to the ability to understand code we need a demonstrated capability to understand security bugs in it.
• Practical experience with Docker and Terraform.
• Knowledge of key security technologies like OAuth, SAML, etc.
• Solid understanding of the web services world including RESTful services, Service Bus architectures, JSON etc.
• Experience with Static and Dynamic Code Analysis tools like Veracode, CheckMarx, AppSpider, HP Fortify, HP WebInspect, IBM AppScan, Coverity etc.
• Current knowledge of HIPAA, HITRUST, PCI-DSS requirements.

About athenahealth:

Here’s our vision: To create a thriving ecosystem that delivers accessible, high-quality, and sustainable healthcare for all.

What’s unique about our locations?
From a historic, 19th century arsenal to a converted, landmark power plant, all of athenahealth’s offices were carefully chosen to represent our innovative spirit and promote the most positive and productive work environment for our teams. Our 10 offices across the United States and India — plus numerous remote employees — all work to modernize the healthcare experience, together.

Our company culture might be our best feature.
We don't take ourselves too seriously. But our work? That’s another story. athenahealth develops and implements products and services that support US healthcare: It’s our chance to create healthier futures for ourselves, for our family and friends, for everyone.

Our vibrant and talented employees — or athenistas, as we call ourselves — spark the innovation and passion needed to accomplish our goal. We continue to expand our workforce with amazing people who bring diverse backgrounds, experiences, and perspectives at every level, and foster an environment where every athenista feels comfortable bringing their best selves to work.

Our size makes a difference, too: We are small enough that your individual contributions will stand out — but large enough to grow your career with our resources and established business stability.

Giving back is integral to our culture. Our athenaGives platform strives to support food security, expand access to high-quality healthcare for all, and support STEM education to develop providers and technologists who will provide access to high-quality healthcare for all in the future. As part of the evolution of athenahealth’s Corporate Social Responsibility (CSR) program, we’ve selected nonprofit partners that align with our purpose and let us foster long-term partnerships for charitable giving, employee volunteerism, insight sharing, collaboration, and cross-team engagement.

What can we do for you?
Along with health and financial benefits, athenistas enjoy perks specific to each location, including commuter support, employee assistance programs, tuition assistance, employee resource groups, and collaborative workspaces— some offices even welcome dogs.

In addition to our traditional benefits and perks, we sponsor events throughout the year, including book clubs, external speakers, and hackathons. And we provide athenistas with a company culture based on learning, the support of an engaged team, and an inclusive environment where all employees are valued.

We also encourage a better work-life balance for athenistas with our flexibility. While we know in-office collaboration is critical to our vision, we recognize that not all work needs to be done within an office environment, full-time. With consistent communication and digital collaboration tools, athenahealth enables employees to find a balance that feels fulfilling and productive for each individual situation.

athenahealth is committed to a policy of equal employment opportunity—that’s why we recruit and hire applicants without regard to race, color, religion, sex (including pregnancy), national origin, disability, age, sexual orientation, veteran status, genetic information, gender identity, gender expression, or any other factor prohibited by law. We’re happy to provide a reasonable accommodation, for those with a disability, to complete any part of the application process. If you are unable to access or use this online application process and need an alternative method for applying, please contact us at taoperations@athenahealth.com for assistance.

https://www.athenahealth.com/careers/equal-opportunity

United by our mission and driven by our entrepreneurial spirit, our work at athenahealth is collaborative, transformative, and above all, it’s meaningful. Our employees take pride in using technology and data-driven insights to inspire changes that will make the U.S. healthcare system better for everyone, including your friends, family and maybe even you.