Sr Application Security Engineer (Pen Tester)- Remote

Allscripts

Houston (TX)

Remote

USD 80,000 - 110,000

Full time

9 days ago

Job summary

Join a forward-thinking company dedicated to transforming healthcare through innovative security solutions. As a Senior Security Engineer, you'll lead application security initiatives, conduct thorough security assessments, and collaborate with development teams to embed security into the software development lifecycle. This role is perfect for someone with a strong offensive security mindset, ready to tackle real-world challenges and enhance the security posture of critical healthcare applications. With a commitment to professional development and a diverse work environment, this position offers a unique opportunity to make a significant impact in the healthcare sector.

Benefits

Medical Insurance
Dental Insurance
Vision Insurance
Company Paid Life Insurance
Retirement Savings
Holidays
Vacation

Qualifications

  • 4-7 years of relevant work experience in security/testing roles.
  • CISSP, OSCP, OSCE, CEH, or other relevant certifications highly desirable.

Responsibilities

  • Lead application security architecture and design reviews.
  • Conduct in-depth web application security testing.
  • Educate product teams on application security best practices.

Skills

Application Security
Penetration Testing
Threat Modeling
Secure Coding Practices
Communication Skills
Analytical Skills
Scripting (Python, Bash, Perl)

Education

Bachelor's Degree in Technical/Business Field

Tools

Burp Suite

Job description

Welcome to Veradigm, where our Mission is transforming health, insightfully. Join the Veradigm team and help solve many of today’s healthcare challenges being addressed by biopharma, health plans, healthcare providers, health technology partners, and the patients they serve. At Veradigm, our primary focus is on harnessing the power of research, analytics, and artificial intelligence (AI) to develop scalable data-driven solutions that bring significant value to all healthcare stakeholders. Together, we can transform healthcare and enable smarter care for millions of people.

Job Summary:

The Senior Security Engineer's primary role will be to lead application security architecture and design reviews, working closely with development teams to help mitigate application security risks. As part of this effort, the engineer will also contribute to the internal penetration testing program, leveraging offensive security techniques to assess application security. Ideal candidates will demonstrate an offensive mindset with the ability to recommend practical mitigation strategies and solutions.

What you will contribute:

  • Lead application security architecture and design reviews, ensuring security is embedded at every stage of software development.
  • Perform threat modeling, security assessments, and secure code reviews to identify vulnerabilities and provide actionable remediation guidance.
  • Conduct in-depth web application security testing, including manual and automated assessments, to identify vulnerabilities such as injection flaws, authentication weaknesses, and misconfigurations.
  • Participate in and enhance the internal penetration testing program, applying offensive security techniques and developing test plans to simulate real-world attacks.
  • Collaborate with development teams to integrate secure coding practices, security automation, and pipeline security into CI/CD workflows.
  • Develop and refine security testing frameworks, tools, and methodologies to improve assessment capabilities and automation.
  • Stay updated on emerging threats, vulnerabilities, and mitigation techniques, ensuring continuous improvement and adoption of new security practices.
  • Educate and train product teams on application security best practices and secure development principles.
  • Assist in forensic investigations to determine the source and impact of security breaches when necessary.
  • Prepare and present detailed security reports with risk analysis and remediation strategies, effectively communicating to both technical and non-technical stakeholders.
  • Contribute to the continuous improvement of the application security program, ensuring alignment with evolving security landscapes and business needs.

The ideal candidate will have:

  • Bachelor's Degree or equivalent Technical / Business experience Required
  • 4-7 years relevant work experience Preferred
  • 3+ years in a comparable security/testing role Required
  • CISSP, OSCP, OSCE, CEH, or other relevant certifications are highly desirable as well as the ability to obtain certifications, as needed.
  • Ability to navigate through compliance requirements and understand their impact on security assessments.
  • Proficiency in pen testing on web applications using Burp Suite and other security testing toolkits, with network and system pen testing experience being welcome but at a lower priority.
  • Deep understanding of the software development lifecycle and the various stages/areas where vulnerabilities can be introduced, including:
    • Application attack surfaces such as UI/UX interfaces, API endpoints, IDE/source code management, third-party dependencies
    • Application design including authentication mechanisms, data encryption/transmission
    • Pipeline Security: CI/CD workflows, Infrastructure as Code (IaC)
  • Excellent verbal and written communication skills. Ability to explain complex security issues and risks to non-technical stakeholders.
  • Strong analytical and problem-solving skills with the ability to think like both an attacker and a defender.
  • Knowledge of scripting and programming languages like Python, Bash, or Perl to automate tasks and write custom exploits if necessary.

Enhancing Lives and Building Careers

Veradigm believes in empowering our associates with the tools and flexibility to bring the best version of themselves to work and to further their professional development. Together, we are In the Network. Interested in learning more?

Take a look at our Culture, Benefits, Early Talent Program, and Additional Openings.

We strongly advocate that our associates receive all CDC recommended vaccinations in prevention of COVID-19.

Visa Sponsorship is not offered for this position.

At Veradigm, our greatest strength comes from bringing together talented people with diverse perspectives to support the needs of healthcare providers, life science companies, health plans, and the patients they serve. The Veradigm Network is a dynamic, open community of solutions, external partners, and cutting-edge artificial intelligence technologies that provide advanced insights, technology, and data-driven solutions. Veradigm offers a comprehensive compensation and benefits package, including holidays, vacation, medical, dental, and vision insurance, company paid life insurance and retirement savings.

Veradigm’s policy is to provide equal employment opportunity and affirmative action in all of its employment practices without regard to race, color, religion, sex, national origin, ancestry, marital status, protected veteran status, age, individuals with disabilities, sexual orientation or gender identity or expression or any other legally protected category. Applicants for North American based positions with Veradigm must be legally authorized to work in the United States or Canada. Verification of employment eligibility will be required as a condition of hire. Veradigm is proud to be an equal opportunity workplace dedicated to pursuing and hiring a diverse and inclusive workforce.

From a "VEVRAA Federal Contractor" We request Priority Referral of Protected Veterans

This is an official Veradigm Job posting. To avoid identity theft, please only consider applying to jobs posted on our official corporate site.

Thank you for reviewing this Veradigm opportunity. Does this look like a great match for your skill set? If so, scroll on down and tell us more about yourself!
