Sr Application Security Engineer (Pen Tester)- Remote

ZipRecruiter

Raleigh (NC)

Remote

USD 100,000 - 130,000

Full time

2 days ago

Job summary

Join a leading company in healthcare technology as a Senior Security Engineer. You will lead application security efforts, perform security assessments, and collaborate with development teams to enhance security practices. This role requires a strong offensive mindset and the ability to communicate complex security issues effectively. Ideal candidates will have a Bachelor's degree, relevant experience, and proficiency in security tools.

Benefits

Comprehensive benefits
Professional development opportunities

Qualifications

  • 4-7 years relevant work experience, including 3+ years in security/testing roles.
  • Certifications such as CISSP, OSCP, OSCE, CEH are highly desirable.

Responsibilities

  • Lead application security architecture and design reviews.
  • Conduct web application security testing to identify vulnerabilities.
  • Collaborate with development teams to integrate secure coding practices.

Skills

Communication
Analytical Skills
Problem Solving
Scripting

Education

Bachelor's Degree

Tools

Burp Suite

Job description

Welcome to Veradigm, where our mission is transforming health insightfully. Join the Veradigm team and help solve many of today's healthcare challenges faced by biopharma, health plans, healthcare providers, health technology partners, and the patients they serve. Our focus is on harnessing research, analytics, and artificial intelligence (AI) to develop scalable data-driven solutions that bring significant value to healthcare stakeholders. Together, we can transform healthcare and enable smarter care for millions of people.

Job Summary:

The Senior Security Engineer will lead application security architecture and design reviews, working closely with development teams to mitigate security risks. The role also involves contributing to the internal penetration testing program, using offensive security techniques to assess application security. The ideal candidate will demonstrate an offensive mindset with the ability to recommend practical mitigation strategies.

What You Will Contribute:
  1. Lead application security architecture and design reviews, embedding security at every stage of software development.
  2. Perform threat modeling, security assessments, and secure code reviews to identify vulnerabilities and provide remediation guidance.
  3. Conduct web application security testing, including manual and automated assessments, to identify vulnerabilities like injection flaws and authentication weaknesses.
  4. Participate in and enhance the internal penetration testing program, applying offensive security techniques and developing test plans to simulate real-world attacks.
  5. Collaborate with development teams to integrate secure coding practices, security automation, and pipeline security into CI/CD workflows.
  6. Develop and refine security testing frameworks, tools, and methodologies to improve assessment capabilities and automation.
  7. Stay updated on emerging threats and mitigation techniques, ensuring continuous improvement of security practices.
  8. Educate and train product teams on application security best practices.
  9. Assist in forensic investigations to determine security breach sources and impacts.
  10. Prepare and present security reports with risk analysis and remediation strategies to technical and non-technical stakeholders.
  11. Contribute to the continuous improvement of the application security program.

The Ideal Candidate Will Have:
  1. Bachelor's Degree or equivalent technical/business experience.
  2. 4-7 years relevant work experience, including 3+ years in security/testing roles.
  3. Certifications such as CISSP, OSCP, OSCE, CEH are highly desirable.
  4. Ability to navigate compliance requirements impacting security assessments.
  5. Proficiency in web application pen testing tools like Burp Suite, with some network/system pen testing experience.
  6. Deep understanding of the software development lifecycle and vulnerability points, including application attack surfaces, design, and pipeline security.
  7. Excellent communication skills to explain complex security issues to non-technical stakeholders.
  8. Strong analytical and problem-solving skills, thinking like both an attacker and a defender.
  9. Scripting skills in Python, Bash, or Perl for automation and exploit development.

Additional Information:

Veradigm values diversity and inclusion, offering comprehensive benefits and professional development opportunities. We require COVID-19 vaccinations per CDC recommendations. Visa sponsorship is not available for this position. Applicants must be authorized to work in the US or Canada.
