Sr Application Security Engineer (Pen Tester)- Remote

ZipRecruiter

Philadelphia (Philadelphia County)

Remote

USD 100,000 - 130,000

Full time

2 days ago

Job summary

Join a leading company as a Senior Security Engineer, where you will lead application security efforts, conduct testing, and collaborate with development teams to enhance security practices. This role involves mitigating risks and improving security frameworks in a dynamic environment.

Benefits

Comprehensive benefits package
Professional development support
Diversity and inclusion initiatives

Qualifications

  • 4-7 years relevant work experience.
  • 3+ years in a security/testing role.

Responsibilities

  • Lead application security architecture and design reviews.
  • Conduct web application security testing to find vulnerabilities.
  • Prepare detailed security reports with risk analysis.

Skills

Communication
Analytical Skills
Problem Solving

Education

Bachelor's Degree

Tools

Burp Suite
Python
Bash
Perl

Job description

Welcome to Veradigm, where our Mission is transforming health, insightfully. Join the Veradigm team and help solve many of today's healthcare challenges faced by biopharma, health plans, healthcare providers, health technology partners, and patients. At Veradigm, we harness research, analytics, and artificial intelligence (AI) to develop scalable, data-driven solutions that bring value to healthcare stakeholders. Together, we can transform healthcare and enable smarter care for millions.

Job Summary:

The Senior Security Engineer will lead application security architecture and design reviews, working closely with development teams to mitigate application security risks. The role includes contributing to internal penetration testing, using offensive security techniques to assess application security. Candidates should demonstrate an offensive mindset with practical mitigation strategy skills.

What you will contribute:
  1. Lead application security architecture and design reviews, embedding security throughout the software development lifecycle.
  2. Perform threat modeling, security assessments, and secure code reviews to identify vulnerabilities and suggest remediation.
  3. Conduct web application security testing, both manual and automated, to find vulnerabilities like injection flaws and authentication issues.
  4. Enhance the internal penetration testing program by applying offensive security techniques and developing test plans.
  5. Collaborate with development teams to integrate secure coding, security automation, and pipeline security into CI/CD workflows.
  6. Develop and refine security testing frameworks, tools, and methodologies.
  7. Stay updated on emerging threats and mitigation techniques to continuously improve security practices.
  8. Educate and train product teams on application security best practices.
  9. Assist in forensic investigations of security breaches when needed.
  10. Prepare detailed security reports with risk analysis and remediation strategies, communicating effectively with technical and non-technical stakeholders.
  11. Contribute to the ongoing improvement of the application security program, aligning with evolving security landscapes.

The ideal candidate will have:
  • Bachelor's Degree or equivalent experience.
  • 4-7 years relevant work experience.
  • 3+ years in a security/testing role.
  • Certifications like CISSP, OSCP, OSCE, CEH are highly desirable.
  • Understanding of compliance requirements and their impact on security assessments.
  • Proficiency in web application pen testing with tools like Burp Suite; network/system pen testing is a plus.
  • Deep understanding of the software development lifecycle and vulnerabilities, including application attack surfaces, design, and pipeline security.
  • Excellent communication skills to explain complex security issues.
  • Strong analytical and problem-solving skills, thinking like both attacker and defender.
  • Scripting skills in Python, Bash, or Perl for automation and exploits.

Additional information:

Veradigm supports professional development, diversity, and inclusion. We offer a comprehensive benefits package and promote COVID-19 vaccinations. Visa sponsorship is not available for this role. We are committed to equal employment opportunity and diversity in our workforce. Applicants must be authorized to work in the US or Canada.
