Lead Application Security Engineer (virtual remote)

Humana · Remote

Company

Humana

Location

Remote

Type

Full Time

Job Description


The Lead Application Security Engineer ensures that every step of the software development lifecycle follows security best practices. They are responsible for adhering to and promoting secure coding principles and testing applications against security risks and parameters prior to release.

In this role, you will conduct code vulnerability assessments using automated tools. The role will be responsible for configuring and updating tools and rulesets for SAST, DAST, Open Source (SCA), and IaC platforms.

In this role, you will be a key player in helping the DevSecOps team enable new capabilities as we transition from Checkmarx hosted on premises to the CheckmarxONE SaaS solution.

Responsibilities


Tasks for this role include:

  • Help development teams transition projects and settings from Checkmarx to CheckmarxONE
  • Work with development teams to educate them on new capabilities offered by CheckmarxONE (New SAST capabilities, DAST, SCA and IaC)
  • Work closely with development teams to provide vulnerability remediation guidance
  • Analyze source code and provide false positive analysis
  • Help manage access to the CheckmarxONE platform (user access and roles)
  • Understand and help manage vulnerabilities related to Open Source components

Required Qualifications

  • Bachelor's Degree in Computer Science or related field
  • At least 5 years' experience with exposure to SAST, DAST, and Open Source tools
  • Knowledge of OWASP top 10 vulnerability categories and risk remediation
  • Comfortable providing remediation advice to developer teams
  • Comfortable analyzing code in a variety of programming languages, primarily .NET Core, MVC, C#, NodeJS, Java, etc.
  • Experience with Azure DevOps, Git, CI/CD, TDD, and Automated Build Processes
  • Experience with Cloud Technologies (Azure, GCP, AWS, etc.)
  • Experience with DevSecOps, Software Development Life Cycle (SDLC), Agile (Scrum/Kanban)
  • Excellent communication skills with the ability to influence others and to navigate complex organizational structures and processes
  • Exceptional analytical and problem-solving skills

Preferred Qualifications

  • Experience with SAST, DAST and Open Source software, tools and vulnerability management
  • Development experience in one or more of the following languages: .NET Core, MVC, C#, NodeJS, Java

Humana and its subsidiaries require vaccinated associates who work outside of their home to submit proof of vaccination, including COVID-19 boosters. Associates who remain unvaccinated must either undergo weekly negative COVID testing OR wear a mask at all times while in a Humana facility or while working in the field.

Remote/WAH requirements:

  • WAH requirements: Must have the ability to provide a high-speed DSL or cable modem for a home office. Associates or contractors who live and work from home in the state of California will be provided payment for their internet expense.
  • A minimum standard speed for optimal performance of 25x10 (25 Mbps download x 10 Mbps upload) is required.
  • Satellite and wireless Internet service is NOT allowed for this role.
  • A dedicated space lacking ongoing interruptions to protect member PHI / HIPAA information

Scheduled Weekly Hours

40

Date Posted

02/02/2023
