We Are Hiring
Senior Application Security Specialist - Infra Security - Full-Time, Days - 7715 Chevy Chase Bldg - Austin, TX
Why Join Ascension?
Ascension Technologies leverages technology to create collaborative solutions that improve everyday health decisions. The technology enables seamless access to data across all applications, transforming the customer experience when interacting with technology and enhancing our ability across Ascension to better serve communities with greater agility and responsiveness. It is used to provide insightful use of automation and data-driven improvements to enhance the provider, patient and consumer experience, as well as maintaining a strong cybersecurity posture to protect data and other valuable assets.
Ascension is a faith-based healthcare organization dedicated to transformation through innovation across the continuum of care. As one of the leading non-profit and Catholic health systems in the U.S., Ascension is committed to delivering compassionate, personalized care to all, especially to those most in need. In FY2018, Ascension provided nearly $2 billion in care of persons living in poverty and other community benefit programs.
What You Will Do
Job Summary:
The Senior Application Security Specialist will lead the evaluation of the security posture of Web Applications, Mobile Applications, APIs and Web Services hosted both on-premises and in the cloud. The specialist will work jointly with Product Development Teams and Architects to review application code, identify potential security issues, and suggest/track remediations for applications and back-end systems. Conduct web and mobile application security vulnerability assessments using Static Application Security Testing (SAST), Software Composition Analysis (SCA), and/or Dynamic Application Security Testing (DAST) using scanning tools and manual checks to provide visibility to the appropriate development teams in order to coordinate follow-up. An understanding of modern web application development languages is necessary to communicate mitigating controls and potential remediation activities. Familiarity with Continuous Integration/Continuous Delivery (CI/CD) is also required.
Responsibilities:
- Align application security strategy with business goals.
- Partner with developers to refine security checkpoints in the SDLC that are based on industry-accepted doctrine such as NIST SP 800-115 and/or ISO security standards.
- Develop policy and relevant guidelines to define security and operational requirements.
- Translate business objectives and risk management strategies into specific security processes enabled by security technologies and services.
- Manage and execute strategies to increase application security knowledge throughout the enterprise.
- Develop secure coding standards that are based on industry-accepted best practices such as OWASP Guide, SANS CWE Top 25, or CERT Secure Coding to address common coding vulnerabilities.
- Use tools and manual testing to perform code security analysis to identify vulnerabilities and attack vectors in web applications.
- Work with information security analysts to refine web application penetration testing methods and breadth of security services.
- Obtain and review all required artifacts as part of various security checkpoint phases in the development lifecycle.
- Collaborate on periodic security risk assessments, IT security audits, and management reporting.
- Review and coordinate changes to information security policies, procedures, standards, and audit work programs in a continuous improvement model.
- Mentor and train less experienced personnel.
What You Will Need
Education:
- High school diploma/GED with 2 years of experience, or Associate's degree, or Bachelor's degree required.
- Bachelor's degree preferred or equivalent work experience.

- 1 year of experience required.
- Three years of experience with a focus on web application security methods preferred.
- Security risk assessment and systems security audit work experience is highly desired.
- Experience working with common application security tools such as Fortify or BurpSuite is a plus.
- CISSP, CEH or other technical security certifications preferred.
- Self-starter with the ability to perform tasks as an individual contributor or as a project lead.
Equal Employment Opportunity
Ascension Technologies is an EEO/AA Employer M/F/Disability/Vet. Please click the link below for more information.
http://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf
EEO is the Law Poster Supplement
http://www.dol.gov/ofccp/regs/compliance/posters/pdf/ofccp_eeo_supplement_final_jrf_qa_508c.pdf
E-Verify Statement
Ascension Technologies participates in the Electronic Employment Verification Program. Please click the E-Verify link below for more information.
E-Verify (link to E-verify site)