Principal Application Security Engineer

We are open to this role working 100% remote within the United States. Unfortunately, Henry Schein One is unable to hire individuals residing in Alaska, North Dakota, Hawaii, West Virginia, Maryland, Delaware, Puerto Rico or other US Territories at this time. This role is a W2 role and will not consider C2C candidates.

Job Summary

This position is responsible for leading department-wide focus on the strategy, development, implementation, and maintenance of the application security program across research, development, quality assurance, support, and IT systems. This is a high level, conceptual, as well as hands-on position that requires a great deal of general security experience, as well as application development experience and secure coding knowledge.

What You Will Do

• Mentor junior engineers by leading and influencing technical decisions, processes, and best practices with the ability to explain technical concepts in written and verbal forms


• Advise and participate in the design of secure products and architectures


• Perform architecture security reviews, security focused code reviews, and security testing


• Create or approve documentation that codifies the application security program: this will include the development of secure coding policies, procedures and standards, modification of the SDLC to include the necessary security checkpoints, product deployment, and code review methodologies


• Evaluate potential security related issues and make recommendations on third party tools and components


• Work closely with engineering and product teams to design and implement security-related systems and functionality, including writing secure code as necessary, and verification of threat models, risk and security posture


• Monitor software usage and perform forensics to verify that the software and infrastructure is performing to the required security standards


• Perform constant monitoring and awareness of key developments in the area of systems, web application, and client application security in order to provide direction of security trends, and anticipate emerging standards and best practices


• Provide leadership, guidance and direction to security resources and be an influencer of development, systems, support, and quality assurance teams


• Participate in public security projects and or volunteer time and knowledge to improve the broader security community, representing the company's mission and goals, as well as promoting cooperation and knowledge sharing


• Attend all meetings necessary for the seamless delivery of the product as part of the software development lifecycle

Qualifications

What you Will Have

• 10+ years of relevant Information Security and/or Software Engineering experience


• Bachelor's Degree in Computer Science, Information Security or a related field or equivalent professional working experience


• Excellent knowledge of secure application programming, coding life cycles and design


• Excellent understanding of security principles, best practices architectures, tools, and processes


• Advanced knowledge of multiple current operating systems and hosting environments


• Excellent knowledge of software and network architecture and standards


• Excellent knowledge of authentication protocol building blocks and methods


• Excellent ability to conduct threat assessments and assess risk


• Excellent ability to create and maintain risk-based measures and build security processes that work within various development methodologies


• Excellent ability to communicate security objectives to a variety of audiences


• Excellent knowledge of reverse engineering techniques and tools


• Excellent ability to implement code derived from technical specifications


• Advanced knowledge of data storage formats, tools and languages


• Knowledge of a variety of programming languages leveraged in the products being secured

Nice to Haves

• One or more industry relevant certification: CISSP, CEH, PNPT, OSWE, GWAPT OSED, and/or OSCP

The posted range for this position is $139,000 - $208,000 which is the expected starting base salary range for an employee who is new to the role to fully proficient in the role. Many factors go into determining employee pay within the posted range including prior experience, current skills, location/labor market, internal equity, etc. This position is eligible for a 15% bonus not reflected in the posted range.

What you get as a Henry Schein One Employee

• A great place to work with fantastic people


• A career in the healthcare technology industry, with the ability to grow and realize your full potential


• Competitive compensation


• Excellent benefits package! Medical, Dental and Vision Coverage, 401K Plan with Company Match, Unlimited PTO, Paid Parental Leave, Short Term Disability, Work Life Assistance Program, Health Savings and Flexible Spending Accounts, Education Benefits, Worldwide Scholarship Program, Volunteer Opportunities, and more

About Henry Schein One

Henry Schein One?is the global leader in dental management, analytics, communication, and marketing software. Our company's products and services work together as one simple solution to provide users with a seamless and integrated experience.

Our company thrives because of our people. We believe in supportive, diverse, and inclusive workforce, inclusive environments, professional development opportunities, and competitive compensation packages. We value innovation, teamwork, and encourage work-life balance.

One of many reasons why Henry Schein One leads the industry is because of our products, services and most importantly, our people.

In 2022, Henry Schein One was named one of Best Companies to Work for in Utah. Click here for more information: 2022 Best Companies to Work For | Henry Schein One

Henry Schein, Inc. is an Equal Employment Opportunity Employer and does not discriminate against applicants or employees on the basis of race, color, religion, creed, national origin, ancestry, disability that can be reasonably accommodated without undue hardship, sex, sexual orientation, gender identity, age, citizenship, marital or veteran status, or any other legally protected status.