What are the responsibilities and job description for the Application Security Engineer II position at One Call Medical, Inc.?
Application Security Engineer II
We're looking for colleagues who are ready to Think Big, Go Fast, Deliver Awe, and Win Together.
These core values embody our diverse and inclusive culture and help us live out our mission of "getting people the care they need when they need it." Over the last 30 years, our company has established itself as the market leader in managed care for the workers' compensation industry.
We are committed to making a positive impact in the lives of the injured workers we serve, and we have fun doing it.
Salary Range: $86000 - $141800
This compensation range takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs.
The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the position may be filled.
At One Call, it is not typical for an individual to be hired at or near the top of the range for their role and compensation decisions are dependent on the facts and circumstances of each case.
A reasonable estimate of the current range is $86000 - $141800
Benefits Summary:
In return for your commitment to our company's mission, we offer a vast array of benefits to help support the whole you.
- Opportunities to work from home
- Competitive wages with opportunities to earn annual merit increases
- Paid development hours to use for professional and community development!
- Generous paid time off, 8 company holidays, and 2 floating holidays per year
- $1,000 Colleague Referral Program
- Enterprise Recognition Program rewarding colleagues for their extraordinary work
- Exclusive discounts on travel, activities, and merchandise via work discount program
- Colleague Assistance Program that provides free counseling and financial services
- Tuition Reimbursement Program including certifications
- Quantum Health: A healthcare navigation platform to help our colleagues make the best, most cost-effective healthcare decisions
- Medical, dental, and vision insurance
- Pre-Tax FSA and HSA health savings accounts
- 401(k) matching
- Company paid life insurance
- Company paid short term and long-term disability
- Referral program
- Healthcare concierge
- The One Call Foundation which aims to help colleagues during unexpected emergencies, from car accidents to natural disasters.
The engineer provides expertise and support for application security functions including secure code review, security automation, manual security testing, and design reviews.
They work with the development teams to integrate security tools and processes within the SDLC.
Intermediate professional role.
Moderate skills with high level of proficiency.
Develops and implements solutions that require analysis and research.
Works on small to large, complex projects that require increased skill in multiple technical environments.
Possesses knowledge in a specific business area.
Works on one or more projects as a team member or occasionally as a project lead.
May coach more junior technical staff. Works under general supervision with latitude for independent judgment.
May consult with senior peers on certain projects.
Typically requires 3 or more years of experience.
Typically reports to an IT Security Manager.
GENERAL DUTIES & RESPONSIBILITIES:
- Systematically address application security issues and develop secure coding practices for multiple development teams.
- Provide mitigation strategies for applications from a secure coding perspective.
- Utilize application security scanning tools such as Burp Suite/Fortify to interpret reports and validate identified vulnerabilities and associated risks.
- Perform manual security testing and gap analysis services for the business.
- Proactively work with team members to address security and compliance issues.
- Provide education and assistance to application developers for applying security in the Software Development Life Cycle.
- Collaborate with development teams to prioritize and remediate vulnerabilities throughout the application lifecycle.
- Evaluate security technology, methodology, and tools to help better the SDLC.
- Improve and support application security tool services, including SAST, DAST, and SCA.
- Utilize source code scan tools to help application development teams apply best practices for application security and catch potential vulnerabilities at an early stage.
- Support vendor management activities to ensure third-party software and development meet security standards.
- Integrate threat modeling practices into the SDLC.
EDUCATIONAL AND EXPERIENCE REQUIREMENTS:
- Bachelor's degree in Computer Science, Information Systems, Mathematics, or equivalent education, training, or work experience.
- Security certification such as CSSLP, OSWE, GWAPT, etc. is a plus.
GENERAL KNOWLEDGE, SKILLS & ABILITIES:
- Experience with scripting languages, such as Python or PowerShell, to integrate systems.
- Excellent written/verbal communication skills, a strong customer service orientation, and demonstrated organizational and skills required.
- Understanding of cloud security and experience with design and/or implementation of applications in the cloud.
- Strong software engineering background with extensive experience working in complex enterprise environments implementing software development lifecycles.
- Extensive experience in addressing web application security issues, such as those outlined in OWASP Top 10 and CWE/SANS Top 25.
- Experience developing secure coding practices with C#, ASP.NET (MVC and WebForms), HTML/CSS, SQL Server.
- Experience with Azure pipelines.
- Experience performing manual and automated testing to identify vulnerabilities.
- Knowledge of security in both Linux and Windows environments as it pertains to Web application hosting, middleware (IIS, Apache, Tomcat, PHP, ColdFusion, Ajax), and databases (Oracle, MySQL, MS SQL Servers).
- Experience with the development, deployment, and automation of application security solutions in an enterprise cloud-based environment.
- Experience in DevOps environments and maintaining security in CI/CD processes highly desired.
- Solid understanding of Microsoft Azure architecture and services.
- Must be able to work outside standard core hours when business needs dictate.
- Stays current with advancements in technology and techniques to ensure that security solutions are continuously improved, supported, and aligned with industry and company standards.
PHYSICAL/EMOTIONAL DEMANDS & WORK ENVIRONMENT:
- For roles located in office or home settings; this job is primarily sedentary and may involve repetitive motions; the employee is regularly required to sit, use hands and fingers, speak, and hear.
- For roles located in the field; this job is primarily active; the employee is regularly mobile and must be able to utilize transportation (such as driving), sit, use hands and fingers, speak, and hear.
- The employee is occasionally required to stand, walk, and lift objects (up to 10lbs weight; up to 4 ft. height).
- Specific vision abilities required by this job include ability to see things from a close distance and ability to adjust focus.
- The work environment utilizes fluorescent lighting; noise level is moderate.
- The emotional demand of the job may cause undue stress from, but not limited to, moderate/heavy workload.
- Reasonable accommodations will be individually assessed and possibly made to enable individuals with disabilities to perform the essential functions of the position.
- Please be advised this job description is subject to change at any time.
Location/Region: Springfield, Illinois
Salary: $86,000 - $141,800