Application Security Engineer
OneByte
As an Application Security Engineer, you will be improving Eon's application security posture and keeping the platform secure throughout the Software Development Life Cycle (SDLC)! We are looking for someone who loves to analyze, test and triage application vulnerabilities, participate in code and product security reviews, and help our Developers bake security into their day-to-day workflows and CI/CD. You will partner closely with our Product and Engineering teams, and external testers, so solid interpersonal skills are a must. This role is a great opportunity to advance an application security program and drive remediation of security weaknesses with an enterprise-wide impact!
In this role you will:
- Be an advocate for application security within the organization
- Help develop and maintain a risk-based application security program based on a well-defined application security framework
- Ensure the platform complies with healthcare-specific security standards such as HIPAA and HITRUST, and follow best practices for handling sensitive patient data.
- Find common patterns and themes within application vulnerabilities and work with Development teams to address the root causes
- Participate in the strategic decisions related to the requirements, design, implementation, and operations of application security framework, processes, and technology
- Execute security-focused code, architecture and integration reviews
- Coordinate or conduct penetration testing and drive remediation efforts to completion
- Collaborate with DevOps teams to integrate security testing tools (SAST/DAST) into CI/CD pipelines to enable DevSecOps practices.
- Keep abreast of the latest security issues and technologies
- Own and improve process and procedural documentation
- Assist with daily activities and functions of the Security team (including alert & incident response) to maintain security posture as well as policy and compliance commitments

Skills & Requirements:
- 3+ years of experience in web application penetration testing or a security-focused application development role is a must
- AWS Security, CEH, GWEB, GCIH or equivalent certifications are preferred
- Deep knowledge and familiarity with Cybersecurity Frameworks, including NIST 800-53, NIST CSF, CIS Top 20, MITRE ATT&CK, and OWASP Top Ten
- Deep knowledge of crypto, authentication and authorization protocols and standards, including SSL/TLS, SAML, OAuth, JWT Tokens is a must
- A relentless desire to (ethically) break into things and the ability to communicate attack scenarios and mitigation options based on standard frameworks is desired
- Ability to read and understand Java, JavaScript, and Python
- Ability to automate repetitive tasks, using Python or other scripting language, is a plus
- Experience working in regulated industries, with a focus on healthcare security standards (HIPAA, HITRUST) is a plus.
- Ability to work in a diverse, fast-paced environment and effectively collaborate across teams
- Outstanding written and oral communication skills with demonstrated ability to clearly articulate to both a technical and functional audience
“So what’s in it for me,” you ask?
We pride ourselves on being a culture-based company buzzing with high energy. Aside from the enthusiastic environment, you'll enjoy:
- Competitive salary
- Health insurance
- Referral bonuses
- Generous vacation time
- Paid Maternity and Paternity leave
- Work from home days
- Lunch facility within office
- Travel allowance
- Company equipment (laptop, internet device, screens etc)
- Professional development and career growth opportunities
- Awesome team members
If we still have your attention, don't delay, send us your