Application Cyber Security Engineer

City/State

Virginia Beach, VA

Overview

Work Shift

First (Days) (United States of America)

Sentara Health is seeking an Application Cyber Security Engineer to join our Cybersecurity   team!

This position is 100% Remote -Candidates must have a current residence in one of the follow states: Alabama, Delaware, Florida, Georgia, Idaho, Indiana, Kansas, Louisiana, Maine Maryland, Minnesota, Nebraska, Nevada, North Carolina, New Hampshire, North Dakota, Ohio, Oklahoma, Pennsylvania, South Carolina, South Dakota, Tennessee, Texas, Utah, Virginia, Washington (state), West Virginia, Wisconsin, Wyoming !

Job Description Summary:

               As an Application Cyber Security Engineer, you will be responsible for ensuring the security and integrity of Sentara’s software applications. You will play a vital role in identifying vulnerabilities, implementing secure coding practices, and conducting thorough security assessments. Your experience in application security and knowledge of industry standards will help protect critical applications from cyber threats and ensure the confidentiality, integrity, and availability of sensitive data.

          An Experienced Professional applies practical knowledge of job areas typically obtained through advanced education and work experience. Responsibilities typically include: • Works independently with general supervision. • Problems faced are difficult but typically not complex. • May influence others within the job area through explanation of facts, policies, and practices.

Experience in lieu of Bachelor’s Degree

3 years of relevant experience with a degree 

5+ years of relevant experience without a degree  

Primary Responsibilities:

Application Security Assessments:

· Conduct comprehensive security assessments of software applications, including static and dynamic code analysis, vulnerability scanning, and penetration testing.

· Identify and prioritize application vulnerabilities, security weaknesses, and coding flaws, and provide recommendations for remediation.

· Collaborate with development teams to integrate security testing tools and methodologies into the software development lifecycle.

Secure Coding Practices:

· Promote and enforce secure coding practices among developers, ensuring adherence to industry standards and best practices.

· Provide guidance and training to development teams on secure coding principles, secure design patterns, and secure development methodologies.

· Review application source code to identify potential security vulnerabilities and recommend necessary code changes.

Vulnerability Management:

· Manage and track vulnerabilities identified in applications, coordinate with development teams to prioritize and address them in a timely manner.

· Stay updated with the latest security vulnerabilities and threats, and actively monitor vulnerability databases and security advisories.

· Implement vulnerability management processes to ensure effective tracking, remediation, and mitigation of identified vulnerabilities.

Security Architecture and Design:

· Collaborate with architects and development teams to integrate security into the application architecture and design phases.

· Review application design documents, identify security gaps, and propose appropriate security controls and countermeasures.

· Assist in the selection and implementation of security technologies, tools, and frameworks to enhance application security.

Incident Response and Threat Management:

· Participate in incident response activities related to application security incidents, collaborating with incident response teams to investigate and mitigate threats.

· Develop incident response plans specific to application security incidents and conduct post-incident analysis to improve security practices.

· Monitor and analyze application logs and security events to detect and respond to potential security incidents and anomalies.

Office 365 Security Controls:

· Managing Identity and Access by overseeing user identities and access controls, synchronizing identities, setting up single sign-on, and enforcing multi-factor authentication to ensure secure access.

· Threat Protection by establishing and managing threat protection solutions, configuring settings to guard against threats, and actively responding to security incidents.

· Managing Governance and Compliance Features by ensuring Office 365’s compliance with relevant laws and company policies through data governance, archiving, retention policies, and information protection.

Compliance and Standards:

· Ensure that applications comply with relevant security standards, regulations, and industry best practices, such as OWASP Top 10, PCI DSS, or HIPAA.

· Participate in security audits and assessments, working with auditors to address findings and ensure compliance.

· Stay abreast of evolving application security trends, emerging threats, and regulatory changes to provide guidance and recommendations.

Desired Characteristics:

· Strong analytical skills – strong problem-solving skills, communicates in a clear and succinct manner and effectively evaluates information/data to make decisions; anticipates obstacles and develops plans to resolve.

· Change oriented – actively generates process improvements; supports and drives change and confronts difficult circumstances in creative ways. Self-motivated, self-directed, flexible, and able to work under pressure and in fast paced team environment.

· Strong functional team player with experience working seamlessly across a matrix structure.

· Excellent interpersonal, written/verbal communication and leadership skills with the ability to make recommendations to all levels of the organization.

Requirements:

· Proven experience (2 years) in application security, with a strong understanding of application vulnerabilities and secure coding practices.

· Familiarity with web application security concepts, technologies, and frameworks (e.g., HTTP, SSL/TLS, OWASP, etc.).

· Experience with security testing tools and methodologies, such as SAST, DAST, or secure code review tools.

· Proficiency in programming languages commonly used in application development, such as Java, .NET, Python, or JavaScript.

· Strong analytical and problem-solving skills, with the ability to effectively assess and communicate application security risks.

· Excellent written and verbal communication skills, with the ability to collaborate with cross-functional teams and explain complex security concepts to non-technical stakeholders.

· Knowledge of application security controls: Secure coding practices, Authentication and Authorization, Input Validation, Encryption, Logging and Auditing, Vulnerability Management, Penetration Testing, Secure Software Development Lifecycle (SDLC), Access Control, Patch Management, Artificial Intelligence (AI) and Machine Learning (ML).

· Knowledge of various technical frameworks and concepts (MITRE ATT&CK, CIS, Kill Chain, etc)

· Experience working in a highly regulated environment.

· Ability to express complex technical concepts in business terms.

· Organized and detail-oriented, able to work well under deadlines in a changing environment and complete multiple projects effectively and concurrently.

· Evaluate effectiveness of the internal security control framework and recommend adjustments as business needs change.

· Regularly interact with all levels of management to present and discuss control effectiveness.

· Review and coordinate changes to cyber security policies, procedures, and standards.

Sentara Overview:

For more than a decade, Modern Healthcare magazine has ranked Sentara Health as one of the nation’s top integrated healthcare systems. That’s because we are dedicated to growth, innovation, and patient safety at more than 300 sites of care in Virginia and northeastern North Carolina, including 12 acute care hospitals.

Sentara Benefits

Sentara Health offers employees comprehensive health & welfare and retirement benefits (401(k)/403(b) with employer match) designed with you and your family’s well-being in mind. You have a variety of options for medical, dental and vision insurance, life insurance, disability, educational assistance, student loan repayment and voluntary benefits as well as Paid Time Off in the form of sick time, vacation time and paid parental leave.  Colleagues have the opportunity to earn an annual discretionary bonus if established system and employee eligibility criteria is met.

 

Salary Range $70,215 to $117,026

Job Summary

As an Application Cyber Security Engineer, you will be responsible for ensuring the security and integrity of Sentara’s software applications. You will play a vital role in identifying vulnerabilities, implementing secure coding practices, and conducting thorough security assessments. Your experience in application security and knowledge of industry standards will help protect critical applications from cyber threats and ensure the confidentiality, integrity, and availability of sensitive data.
An Experienced Professional applies practical knowledge of job areas typically obtained through advanced education and work experience. Responsibilities typically include: • Works independently with general supervision. • Problems faced are difficult but typically not complex. • May influence others within the job area through explanation of facts, policies, and practices.

Experience in lieu of Bachelor’s Degree
3 years of relevant experience with a degree
5+ years of relevant experience without a degree

Qualifications:

BLD – Bachelor’s Level Degree

Skills

Sentara Healthcare prides itself on the diversity and inclusiveness of its close to an almost 30,000-member workforce. Diversity, inclusion, and belonging is a guiding principle of the organization to ensure its workforce reflects the communities it serves.

Per Clinical Laboratory Improvement Amendments (CLIA), some clinical environments require proof of education; these regulations are posted at ecfr.gov for further information. In an effort to expedite this verification requirement, we encourage you to upload your diploma or transcript at time of application.

In support of our mission “to improve health every day,” this is a tobacco-free environment.