Security Advocate & Community Leader

DescriptionSecurity Advocate & Community LeaderIn this role you will be on a team of security engineers performing triage, analysis, hunting bugs, driving DevSecOps, cultural transformation, while leading security advocate program. We are looking for someone with at least 3 years of application security and teaching others the same. You are a great fit if the following are true: You love developers, teaching, learning, and research. You are passionate about customer experience. You love breaking and building, can code and hack. You can handle complicated bugs and complex application security issues. You can demonstrate where you made a difference, solved problems and help make dev teams happy. Have experience with Git, Gitflow, SAST, DAST, SCA, IAST tooling. Know what the OWASP top 10 is, and understand defensive coding techniques. Architects and Red Teamers don’t scare you. You love open source, community and collaboration. You have experience growing talent and communities. You are organized, have strong public speaking skills and can present to anyone anytime.Responsibilities Own our security advocate program, set monthly meetings, own communication and documentation for the community. Serve as internal evangelist and communicator for DevSecOps. Conducts lunch and learns, events and other internal marketing efforts. Owns and manages developer application security training, metrics, and effectiveness. Review and research issues from our Bug Bounty and Threat Modeling programs, with the goal solving once, fix many. Help developers solve application security defects. Contributes to inner source and demonstrates engineering community engagement. Suggest and execute on common solutions to broad problems, serve has lead advocate for the engineering community in regards to application security functions. Contribute to and execute on our secure software development strategy for the enterprise. Partner with our Security Automation Product Owner, Compliance and governance, and DevOps teams. Improve and expand application security quality across our entire portfolio of applications. Mentor others, you love to share and support, serve as expert for escalated analysis.Required: At least 3 years+ of experience with Applications Security, including familiarity with the leading toolsets supporting Application Security (dynamic and static). Experience with Checkmarx, AppScan, Burp Suite, Contrast, VeraCode, NowSecure, Blackduck, WhiteSource, Fortify or similar tooling. Strong application security experience across a variety of technologies and languages. Deep experience in static code analysis and third-party software composition analysis Excellent communication skills with the ability to influence others Analytical and problem solving skills Understands Git and related tooling. Strong Experience with one of the following: C#, Javascript, Java, Python. Contributes to the broader security or open source community. Must be passionate about contributing to an organization focused on continuously improving consumer experiences Must be passionate about developer experience, privacy, security, quality and product deliveryPreferred: Strong experience in establishing and rolling out DevOps or DevSecOps Cloud experience with Azure, GCP, AWS, Heroku – Azure/GP/AWS Preferred. Experience with Docker or similar container platforms. Experience with BurpSuite. At least 1-2 years of experience working in a product team. You understand design, delivery, and ownership. Knowledge of common information security management frameworks, including but not limited to:ISO 27001/27002, ITIL, COBIT, NIST, BSIMM. Professional security certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials a plus but not required.Scheduled Weekly Hours40About UsMission: At Humana, our cultural foundation is aligned to helping members achieve their best health by delivering personalized, simplified, whole-person healthcare experiences. Recognizing healthcare needs continue to evolve for each person, for each family and for each community, Humana continuously creates innovative solutions and resources that help people live their healthiest lives on their terms –when and where they need it. Our employees are at the heart of making this happen and that’s why we are dedicated to building an organization of dynamic talent whose experience and passion center on putting the customer first. Equal Opportunity EmployerIt is our policy to recruit, hire, train, and promote people without regard to race, color, religion, sex, national origin, age, sexual orientation, gender identity or expression, disability, or veteran status, except where age, sex, or physical status is a bona fide occupational qualification. View the EEO is the Law poster.If you are an individual with a disability and require a reasonable accommodation to complete any part of the application process, or are limited in the ability or unable to access or use this online application process and need an alternative method for applying, you may contact mailboxtasrecruit@humana.com for assistance.Humana Safety and SecurityHumana will never ask, nor require a candidate provide money for work equipment and network access during the application process. If you become aware of any instances where you as a candidate are asked to provide information and do not believe it is a legitimate request from Humana or affiliate, please contact mailboxtasrecruit@humana.com to validate the request.