Senior Security Engineer- Red Team

Senior Security Engineer-Red Team

Company Overview

Cohere Health is illuminating healthcare for patients, their doctors, and all those who are important in a patient’s healthcare experience, both in and out of the doctor's office. Founded in August 2019, we are committed to eliminating wasteful friction patients and doctors experience in areas that have nothing to do with health and treatment, particularly for diagnoses that require expensive procedures or medications. To that end, we build software that is expressly designed to ensure the appropriate plan of care is understood and expeditiously approved, so that patients and doctors can focus on health, rather than payment or administrative hassles.

Opportunity overview:

We are looking for an Application Security Engineer to be part of our Security Operations & Engineering (SecOps) team. SecOps is committed to proactively detect, respond to, simulate, and identify breach attempts and threat actors.You will work with a team who oversee overall enterprise security systems implementation, lifecycle (S-SDLC), and support.  We’re looking for a security engineer that can work collaboratively with our security, product, infrastructure architecture and engineering teams to implement secure solutions.

Last but not least: People who succeed here are empathetic teammates who are candid, kind, caring, and embody our core values and principles. We believe that diverse, inclusive teams make the most impactful work. Cohere is deeply invested in ensuring that we have a supportive, growth-oriented environment that works for everyone.

What you will do:

• Perform Application Security Pen Test planning, execution, reporting, findings remediation tracking and support developer remediation.
• Manage vulnerabilities at scale, automate the detection and reporting of security flaws.
• Proactively train application developers in secure coding practices and participate in code review to ensure adoption.
• Coordinate resolution of issues cross-company that arise from vulnerabilities, including working with engineers and Support to provide information to customers or regulators, leadership prioritizing resources, and Incident Response teams that are coordinating incidents.

What we are looking for

• Detailed technical knowledge of database, application, and operating system security
• Excellent problem solving, troubleshooting, and analytical thinking skills.
• Knowledge of identity management systems, networking, network protocols, and router/firewall configuration is highly recommended.
• You are a team player and are interested in working in a fast-paced startup environment

Your background and characteristics:

• Experience with software development lifecycles and related tools (e.g., bug trackers, software repositories, and code testing frameworks, etc.).
• Experience building tools to support data management and automation including dashboards
• Deep understanding of software, protocol and hardware vulnerabilities.
• Demonstrating experience performing penetration testing assessments;
• Excellent communication skills with the ability to represent and explain complex technical concepts to a variety of audiences

 Minimum Qualifications

• Education: Bachelor's degree in software engineering or a similar field
• 5+ years of experience in multiple security engineering disciplines (e.g., red teaming, penetration testing, security operations, application security, secure software or system design)
• Experience with cloud solutions such as Azure and AWS - Experience with security policy, procedures, tools, services, and cloud security models.
• Detailed technical knowledge of database, application and operating system security
• 5+ years of experience in a development or security role, working with development team(s) that delivered commercial software or software-based services
• Deep understanding of security vulnerabilities and mitigations
• Deep experience related to offensive security best practices (Penetration Testing, Red Team, Bug Bounty), and growing and maturing offensive security skillset.
• Experience installing open source security software
• Prior experience in integrating tools with CI/CD Pipeline
• In-depth knowledge of various web-related technologies (such as Web applications, services, architectures etc.)
• Familiarity with application security control models such as OWASP SAMM
• Knowledge of security control frameworks and standards such as SOC2, ISO 27001, NIST, and CSA CCM desirable

We can’t wait to learn more about you and meet you at Cohere Health!

Equal Opportunity Statement

Cohere Health is an Equal Opportunity Employer. We are committed to fostering an environment of mutual respect where equal employment opportunities are available to all. To us, it’s personal.

#LI-Remote

#BI-Remote