Applications Security Engineer II

You could be the one who changes everything for our 28 million members by using technology to improve health outcomes around the world. As a diversified, national organization, Centene's technology professionals have access to competitive benefits including a fresh perspective on workplace flexibility.
 

Position Purpose:

Applies cybersecurity and privacy principles to ensure the organization's applications and services are implemented according to internal security standards. Recognizes vulnerabilities in security systems (e.g., vulnerability and compliance scanning). Performs threat modeling, security code reviews, security assessments, security hardening reviews, evaluates security designs, etc. throughout the Secure Software Development Life Cycle (SSDLC) process. Engineers and develops cloud automation routines to streamline operations. Promotes understanding and adherence to the SSDLC Policy and Standards.

• Monitor daily activities and reports from application security testing (AST) platforms (Tier 2 support).
• Review and manage escalated weaknesses and vulnerabilities from Tier 1 Engineers.
• Promote understanding and adherence to the secure SDLC policy and standard.
• Review and improve existing standard operating plans (SOPs), policies, and procedures for the response and recovery from incidents.
• Assist in development of training on application security test procedures, DevSecOps maturity, tool integrations and strategy.
• Performs other duties as assigned.
• Complies with all policies and standards.

Education/Experience:

A Bachelor's degree in a quantitative or business field (e.g., statistics, mathematics, engineering, computer science).
Requires 2 – 4 years of related experience.

Or equivalent experience acquired through accomplishments of applicable knowledge, duties, scope and skill reflective of the level of this position.

Technical Skills:

• Basic knowledge of programming and/or scripting languages including, but not limited to C#, Java, Go, JavaScript, Bash, PowerShell.
• Knowledge of application security testing (AST) platforms such as Snyk, Veracode, Netsparker, AppScan, NowSecure, Contrast, etc.
• Knowledge of API security platforms such as Traceable.ai, Salt, Noname Security, etc.
• Knowledge of administrating containerized applications running within Kubernetes.
• Knowledge of administrating applications and/or security tools running within AWS.
• Understanding of DevOps workflows.
• Understanding of CIA triad.
• Standard Operating Procedure development.
• Understanding of Agile operations.

Soft Skills:

• Intermediate - Seeks to acquire knowledge in area of specialty
• Intermediate - Ability to identify basic problems and procedural irregularities, collect data, establish facts, and draw valid conclusions
• Intermediate - Ability to work independently

License/Certification:

• Associate level IT Security certification, ex. AWS, Azure, GIAC, Security+ce, etc. preferred.

Centene offers a comprehensive benefits package including: competitive pay, health insurance, 401K and stock purchase plans, tuition reimbursement, paid …