The Senior Application Security Engineer establishes and performs procedures necessary to ensure the security of Application assets and to protect them from intentional or inadvertent access or destruction in accordance with company policies. Team member will communicate application security requirements and technical security concepts to internal and external project groups, application development teams, architects, managers and supporting customer staff on HP products. Works with business and application owners to understand business needs and establish security action plans and priorities. Web Application and Source Code scanning of customer applications, analyzing and auditing results with development and/or security teams and offering plans for remediation of vulnerabilities. You'll enjoy the flexibility to telecommute* from anywhere within the U.S. as you take on some tough challenges. Primary Responsibilities: Automation of Security tools for scanning and report generation Maintain, Configure, Support and Administer Contrast Security, HP Fortify Security Software Center and VeracodeHave hands on experience; provide training, problem resolution and support related to Contrast, Fortify, and VeracodeExecute application vulnerability assessment of internal and external via automated and manual techniques to understand the risk and security posture of an applicationProvide customer consultation involving validation of evidence, exposure, remediation recommendations and risk posture to both executive management and technical teamsDirects and consults with development teams in the remediation efforts of security findings and explain risk and trade-offs in differing methods of remediationWork with technical and non-technical teams to define and document application security requirements vulnerability validation and manual source code reviews
Required Qualifications: Must be a US CitizenUndergraduate Degree or High School Diploma with 5+ years of equivalent experience and an IT Security related certificationDesired Certification in Information Security - CISSP, CISM, CEH, GPEN, GWAPT Experience with the following Web Assessment tools: Contrast, Fortify, WebInspect, BURP Suite PRO, SoapUI, Kali Linux and other tools as neededAbility to build relationships and work well with different the organizations and diverse groups in a fast moving and dynamic virtual environmentAbility to communicate clearly and effectively through oral or written communication with all levels in the organizationFamiliarity with Security technologies, including authentication/access control mechanisms, encryption, penetration testing, Source Code Analysis and Web Vulnerability AssessmentAn understanding of ethical hacking methodologies, Secure Coding, frameworks, and industry resources, e.g. OWASP, NIST publications, SANS/CWEPreferred Qualifications: Demonstrated technical experience with security assessment tools and automated security scanning productsAbility to conduct Manual Source Code Security Analysis of developer source looking for coding flaws and errors for remediationAbility to write custom scripts to automate security tools, reporting and implement automation within DEVOPS communityDemonstrated In-depth knowledge and understanding of computer applications to demonstrate proficiency with development frameworks& languages (Java, NET, C/C++, C#, PHP etc.)Demonstrated collaboration skillsDemonstrated understanding of the relationship between security policies/standards and other control mechanismsDefine/implement exceptions to established security policies and controls in order to meet business requirements, as appropriateTechnology Careers with Optum. Information and technology have amazing power to transform the health care industry and improve people's lives. This is where it's happening. This is where you'll help solve the problems that have never been solved. We're freeing information so it can be used safely and securely wherever it's needed. We're creating the very best ideas that can most easily be put into action to help our clients improve the quality of care and lower costs for millions. This is where the best and the brightest work together to make positive change a reality. This is the place to do your life's best work.(sm) *All Telecommuters will be required to adhere to UnitedHealth Group's Telecommuter Policy Diversity creates a healthier atmosphere: UnitedHealth Group is an Equal Employment Opportunity/Affirmative Action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, national origin, protected veteran status, disability status, sexual orientation, gender identity or expression, marital status, genetic information, or any other characteristic protected by law. UnitedHealth Group is a drug-free workplace. Candidates are required to pass a drug test before beginning employment. Job Keywords: IT Security, Application Security, Penetration Testing, Application Security Specialist, Application Security Specialist, Cyber Security Analyst, Security Engineer, Cyber Security Engineer, Cyber Security Analyst, telecommute, telecommuter, remote, work from home
Internal Number: 751333
About UnitedHealth Group
Our mission is to help people live healthier lives and to help make the health system work better for everyone.- We seek to enhance the performance of the health system and improve the overall health and well-being of the people we serve and their communities. - We work with health care professionals and other key partners to expand access to quality health care so people get the care they need at an affordable price. - We support the physician/patient relationship and empower people with the information, guidance and tools they need to make personal health choices and decisions.