Application Cyber Security Engineer

at  Sentara Healthcare

Department and Name: HSS – IT Security Services – MGR
Physical Location: Sentara Independence
Employment Status: Regular – Full-Time
Shift: First (Days)
Posted Date: January 24, 2025
Sentara Health is seeking an Application Cyber Security Engineer to join our Cybersecurity team!
This position is 100% Remote –Candidates must have a current residence in one of the follow states: Alabama, Delaware, Florida, Georgia, Idaho, Indiana, Kansas, Louisiana, Maine Maryland, Minnesota, Nebraska, Nevada, North Carolina, New Hampshire, North Dakota, Ohio, Oklahoma, Pennsylvania, South Carolina, South Dakota, Tennessee, Texas, Utah, Virginia, Washington (state), West Virginia, Wisconsin, Wyoming !

JOB DESCRIPTION SUMMARY:

As an Application Cyber Security Engineer, you will be responsible for ensuring the security and integrity of Sentara’s software applications. You will play a vital role in identifying vulnerabilities, implementing secure coding practices, and conducting thorough security assessments. Your experience in application security and knowledge of industry standards will help protect critical applications from cyber threats and ensure the confidentiality, integrity, and availability of sensitive data.
An Experienced Professional applies practical knowledge of job areas typically obtained through advanced education and work experience. Responsibilities typically include: • Works independently with general supervision. • Problems faced are difficult but typically not complex. • May influence others within the job area through explanation of facts, policies, and practices.

REQUIREMENTS:

• Proven experience (2 years) in application security, with a strong understanding of application vulnerabilities and secure coding practices.
• Familiarity with web application security concepts, technologies, and frameworks (e.g., HTTP, SSL/TLS, OWASP, etc.).
• Experience with security testing tools and methodologies, such as SAST, DAST, or secure code review tools.
• Proficiency in programming languages commonly used in application development, such as Java, .NET, Python, or JavaScript.
• Strong analytical and problem-solving skills, with the ability to effectively assess and communicate application security risks.
• Excellent written and verbal communication skills, with the ability to collaborate with cross-functional teams and explain complex security concepts to non-technical stakeholders.
• Knowledge of application security controls: Secure coding practices, Authentication and Authorization, Input Validation, Encryption, Logging and Auditing, Vulnerability Management, Penetration Testing, Secure Software Development Lifecycle (SDLC), Access Control, Patch Management, Artificial Intelligence (AI) and Machine Learning (ML).
• Knowledge of various technical frameworks and concepts (MITRE ATT&CK, CIS, Kill Chain, etc)
• Experience working in a highly regulated environment.
• Ability to express complex technical concepts in business terms.
• Organized and detail-oriented, able to work well under deadlines in a changing environment and complete multiple projects effectively and concurrently.
• Evaluate effectiveness of the internal security control framework and recommend adjustments as business needs change.
• Regularly interact with all levels of management to present and discuss control effectiveness.
• Review and coordinate changes to cyber security policies, procedures, and standards.

Application Security Assessments:

• Conduct comprehensive security assessments of software applications, including static and dynamic code analysis, vulnerability scanning, and penetration testing.
• Identify and prioritize application vulnerabilities, security weaknesses, and coding flaws, and provide recommendations for remediation.
• Collaborate with development teams to integrate security testing tools and methodologies into the software development lifecycle.