Lead Security Engineer

One of our clients, major Healthcare Technology Company is looking for

• Responsible for socializing and driving the execution of key security best practices across the R&D organization
• Contribute to enterprise security catalog of best practices, techniques and patterns to enable secure implementation of features in products/product families
• Instruct R&D engineers on using security tools (SAST, DAST, SCA) and presenting solutions to mitigate findings
• Identify and explain feature level design or architectural weaknesses which could result in security issues
• Work with key stakeholders including enterprise security leadership to track open issues and follow up to resolution
• Partner on resolution of identified security issues when appropriate
• Work with key stakeholders like DevOps, Infrastructure, et al to build security hardened tech stacks that are used for development and production
• Document, share, and help automate coverage for common abuse cases and attacks

• At least 3 years experience as a software developer and 3-5 years in a security focused development role in an agile development environment
• Experience in software and product design and architecture, product security, security issue prevention and mitigation strategies
• Strong knowledge of programming languages - Java, JavaScript (NodeJS), C#, Perl, Python, etc. In addition to ability to understand code we need an ability to understand security bugs in it.
• Knowledge of key security technologies like OAuth, SAML, etc.
• Solid understanding of the web services world including RESTful services, Service Bus architectures, JSON etc
• Experience with Static and Dynamic Code Analysis tools like Veracode, CheckMarx, AppSpider, HP Fortify, HP WebInspect, IBM AppScan, Coverity etc.
• Current knowledge of HIPAA, HITRUST, PCI-DSS requirements
• Bachelor's degree in Computer Science, Computer Engineering, Cyber Security or similar or equivalentexperience