Essential Duties & Responsibilities
· Develop and implement application security policies, standards, and procedures across the organization.
· Oversee vulnerability management processes, including scanning, assessment, and remediation.
· Conduct and manage regular security assessments, code reviews, and penetration testing.
· Collaborate with development teams to promote secure coding practices and provide guidance on security architecture.
· Produce regular reports on application security metrics, vulnerability trends, and risk assessments for senior management.
· Manage and improve application security tools, including static/dynamic analysis and runtime testing tools.
· Manages team in the day-to-day performance of their jobs and ensures ongoing development of staff knowledge and skills to ensure efficient and effective team operation.
· Ensures project/department goals are met and adhere to approved budgets for those projects/goals.
· Manages and leads work group meetings, including preparing agendas, prioritizing tasks, and identifying any obstacles that may be present.
· Monitors systems for cybersecurity vulnerabilities and leads vulnerability audits.
· Supports the CISO in identifying risks and potential controls for mitigating those risks.
· Participates in the organization’s software development lifecycle (SDLC) process to provide insight into mechanisms and solutions for mitigating security risks within customer products.
· Assist with other projects and initiatives as part of the Security team.
Education and Experience
. An Associate's degree in computer science, cybersecurity, or a related field is required. Accredited certification in these areas is an acceptable substitute. Minimum Qualifications.
8+ Years of experience of software engineering with 3 or more focused on a security function
. 3+ Years of proven hands-on management experience of software / software engineers.
· Strong familiarity with common application security vulnerability frameworks (such as those listed in OWASP Top 10), Security Testing methodologies, SDLC, and their application to HIPAA regulation.
· Experience working with DAST, SAST, and related tools such as Fortify, SCA, Burp Suite, and SonarQube.
· Current certification in an industry-recognized information security certification such as Certified Information Systems Security Professional (CISSP), Certified Information System Auditor (CISA), (CEH), or Certified Information Security Manager (CISM). If not currently certified, must be eligible for certification and obtain the certificate within one year of the hire date.
· Experience in performing manual secure code review of popular web application programming languages (Java, JavaScript/TypeScript, C#, Python, etc).
Skills/Knowledge
· Translate security concepts into language that is meaningful to many audiences, including business and technical leaders and individual contributors.
· Be able to approach application security from the perspective of risk management.
· Outstanding communications and interpersonal skills
· Strong comprehension of the Software Development Life Cycle (SDLC)
· Strong organizational skills and ability to multi-task
· Ability to lead individuals and teams to achieve common business goals
· Ability to provide coaching, direction, and feedback to direct reports
· Ability to prioritize frequently competing initiatives
· Ability to exemplify the Greenway leadership competencies of Caring for Self, Caring for Others, and Caring for our Brand
Disclaimer: This Job Summary indicates the general nature and level of work expected of the incumbent(s). It is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities required of the incumbent. Incumbent(s) may be asked to perform other duties as requested. Greenway Health, LLC is an Equal Opportunity Employer. We do not discriminate on the basis of race, religion, age, gender, national origin, sexual orientation, disability, or veteran status.
#LI-REMOTE