Director, Application Security

Accounting, Architecture, CISSP, Development, Director, Exchange, ISO, Management, Metrics, Modeling, SDLC, Security, Testing
C2H Independent, Contract Independent, Contract W2, Contract Corp-To-Corp, C2H W2, C2H Corp-To-Corp
Work from home not available. Travel required to 10%.

Job Description


Welcome to Allscripts! Our Mission is to be the most trusted provider of innovative solutions that empower all stakeholders across the healthcare continuum to deliver world-class outcomes. Our Vision is a Connected Community of Health that spans continents and borders. With the largest community of clients in healthcare, Allscripts is able to deliver an integrated platform of clinical, financial, connectivity and information solutions to facilitate enhanced collaboration and exchange of critical patient information.

The primary purpose of this role is to drive development and operational teams in the appropriate application of security best practices and the use of advanced security technologies. Work to mitigate development and operational risks in the SDLC.


  • Own and execute the vision for Application Security across the company.
  • Accountable for the overall implementation of the Application Security Process.
  • Serve as a Trusted Partner with and educate Development Teams on Security Best Practices.
  • Drive the process for identifying security vulnerabilities and for designing and executing remediation plans involving the acquisition, design, test, integration, and implementation of advanced security tools.
  • Drive teams that execute programmatic scans, pen-testing, red/blue/purple teaming, offensive security testing, threat modeling and bug bounty programs.
  • Assist development and operational teams in the appropriate application of security best practices and the use of advanced security technologies
  • Internally recognized as highly competent in security areas; will review and participate in benchmarking, installation, upgrade, configuration, deployment and testing activity
  • Investigate innovative approaches to improve software security
  • Working knowledge of Secure SDL
  • Knowledge of SAST and DAST
  • Can discuss and explain security risks of Mobile, Web, C-S, Hybrid, and Cloud stacks
  • Knowledgeable about cloud, DevOps, network, systems and software architecture modalities and patterns.
  • Provide executive summary reports of assurance metrics to leadership with a comprehensive inventory of attack surface, the state of testing and defensive coverage of surfaces, and a real-time accounting of open risks within each application.
  • Familiarity with industry changes in security standards, information management, development standards, methods and emerging 3rd party security software in order to advise on security and leverage industry best practice in the design and construction of Allscripts software products
  • Familiarity with regulations (GDPR, HIPAA), certifications (ISO, HITRUST, EHNAC) and Privacy by Design concepts.
  • Support and mentor members of the team
  • Create a center of expertise and forum for common security design and reuse
  • Participate in the definition and documentation of security standards and best practices


Academic and Professional Qualifications:

  • B.S. in Computer Science or related field required


  • Minimum of 15 years' experience with software product development
  • Minimum of five years' experience managing corporate application and product security programs and teams.
  • Minimum of five years' experience managing an SDL (Secure Software Development Life Cycle) that integrates security into all stages of the software development process for a large development organization.
  • Strong App Sec experience
  • Demonstrated technical expertise and understanding of modern development, languages, and cloud platforms.
  • Exceptional skills driving product security initiatives and delivering software security
  • Superb written and verbal communication skills
  • Advanced interpersonal and presentation skills
  • Experience building, developing, and leading highly effective security teams
  • Demonstrated commitment to excellence with corresponding leadership abilities needed to direct and motivate a team to provide industry-leading security
  • Successful at facilitating a collaborative team environment and leading consensus within a team
  • Excellent presentation skills
  • Able to be successful in a team environment, working collaboratively with other members of the management team across the organization
  • Exceptionally organized and proactive on next steps or anticipating issues
  • CISM, CISSP, OSCP, CEH preferred

Travel Requirements:

  • 10%

Working Arrangements:

  • Work is performed in a standard office environment with minimal exposure to health or safety hazards


At Allscripts, our greatest strength comes from bringing together talented people with diverse perspectives to support the technology needs of 180,000 physicians, 1,500 hospitals and 10,000 post-acute organizations across the globe. Allscripts offers a comprehensive compensation and benefits package, including holidays, vacation, medical, dental, and vision insurance, company paid life insurance and retirement savings.

Allscripts policy is to provide equal employment opportunity and affirmative action in all of its employment practices without regard to race, color, religion, sex, national origin, ancestry, marital status, protected veteran status, age, individuals with disabilities, sexual orientation or gender identity or expression or any other legally protected category. Applicants for North American based positions with Allscripts must be legally authorized to work in the United States or Canada. Verification of employment eligibility will be required as a condition of hire.

From a "VEVRAA Federal Contractor" We request Priority Referral of Protected Veterans

Dice Id : 10127643A
Position Id : 2018-19172