Applications Security Engineer

Remote, United States

Our Mission

Our mission is to SAVE AND IMPROVE LIVES BY EMPOWERING HEALTHCARE CONSUMERS. Come be part of remarkable.

Overview

How you can make a difference

 

We are looking for a passionate Application Security Engineer to join our team! Your primary focus is to ensure that the HealthEquity Technology platform is secure by design and to guide software delivery teams. You will be a key contributor directing security architecture and design for a talented engineering team that works closely with the business team to deliver value. You will work closely with scrum teams and information security to deliver high-quality, high-value company initiatives. You’ll play an integral part in helping HealthEquity enhance its platform to secure our members’ and partners’ data, reduce costs, increase revenue and improve system scalability.

 

What you’ll be doing 

  • Work closely with agile software development teams during design and development phases to guide secure feature design, secure coding practices, and improve overall security maturity.
  • Develop application threat models for web, mobile, microservices, and public APIs, along with mitigation strategies for securing our technologies
  • Teach scrum teams how to develop and maintain feature level threat models and mitigate the vulnerabilities
  • Conduct static, dynamic, SCA and container vulnerability analysis using industry standard tools
  • Perform manual and automated code reviews
  • Develop and teach secure coding standards and practices
  • Participate in pen testing activities and assist teams in validating, remediating, and mitigating vulnerabilities
  • Work closely with development teams to ensure security at each layer of microservices and container development
  • Be the point of contact for helping teams with Threat Models, Risk Ratings, Security mitigations, and Vulnerability Exceptions with the ability to talk through these topics as a teacher
  • Contribute to the grooming of the Secure Development Lifecycle on an annual basis
  • Design and deliver the annual security training held for the Engineering departments
  • Actively participate in the Security Guild as a trainer, advisor, and a leader of the meetings to build a culture of security throughout all engineering teams
  • Work with Product Owners and Attack Surface Management to ensure vulnerabilities are identified and remediated within the development pipeline
  • Review build pipelines for best-practice security gates and controls

What you will need to be successful

  • Bachelor’s degree in Computer Science, Computer Engineering, or other Engineering Discipline is preferred
  • 5+ years of experience directly involving the design of secure application features and design patterns for enterprise class .NET based Web Applications
  • Demonstrated knowledge of developing system and application threat models for enterprise applications, and of designs that mitigate high-risk application threats
  • Experience training development teams to develop their own application threat models
  • Knowledge of OWASP Top 10, OWASP API Top 10, OWASP Mobile Top 10, and related exploitation techniques (including but not limited to cross-site scripting, SQL injection, session hijacking and insecure direct object references) used to obtain controlled access to target systems, and of the mitigating factors for these instances
  • Strong understanding of implementing secure web services and identifying vulnerabilities in REST and legacy web services
  • Experience with commercial static, dynamic, SCA, and container scanning tools
  • Significant experience performing code reviews to instill understanding of good design principles in other team members
  • Strong understanding of SOLID software design and implementation principles
  • Strong understanding of multi-factor application architectures
  • Advanced C#, Node.js, and/or Python Development Skills
  • Advanced Cloud development, .NET Core, ASP.NET, MVC 5, Python, and Web API skills
  • Certifications preferred: CCSP, CSSLP, ECSA, or CISSP
  • Certifications desired: AZ500, CEH, OSCP, GWAPT, LPT, or GSSP

This is a remote position.

Salary Range

$109,500.00 to $150,000.00 / year

Benefits & Perks

The actual compensation offer is determined based on job-related knowledge, education, skills, experience, and work location. This position will be eligible for performance-based incentives as part of the total compensation package, in addition to a full range of benefits including:  

  • Medical, dental, and vision 
  • HSA contribution and match 
  • Dependent care FSA match 
  • Uncapped paid time off 
  • Paid parental leave 
  • 401(k) match 
  • Personal and healthcare financial literacy programs 
  • Ongoing education & tuition assistance 
  • Gym and fitness reimbursement 
  • Wellness program incentives 

Why work with HealthEquity 

HealthEquity has a vision that by 2030 we will make HSAs as widespread and popular as retirement accounts. We are passionate about providing a solution that allows American families to connect health and wealth. Join us and discover a work experience where the person is valued more than the position.

 

You belong at HealthEquity!

HealthEquity, Inc. is an equal opportunity employer, and we are committed to being an employer where no matter your background or identity – you feel welcome and included. We ensure equal opportunity for all applicants and employees without regard to race, age, color, religion, sex, sexual orientation, gender identity, national origin, status as a qualified individual with a disability, veteran status, or other legally protected characteristics. HealthEquity is a drug-free workplace. For more information about our EEO policy, or about HealthEquity’s applicant disability accommodation, drug-free-workplace, background check, and E-Verify policies, please visit our Careers page.

 

HealthEquity uses Microsoft Copilot to transcribe screening interviews between candidates and their direct Talent Partner for note taking and interview summaries. By scheduling a screening interview with us, you consent to Microsoft Copilot’s AI technology recording and transcribing your interview with your Talent Partner. This information will be reviewed for accuracy and then used by HealthEquity to summarize the interview, ensure accuracy, and facilitate our hiring process. We take privacy seriously. You have the option to opt out. If you wish to opt out of this Microsoft Copilot transcription, please notify your Talent Partner in advance of the interview. If we do not receive an opt-out request from you, we will assume that you consent to the use of Microsoft Copilot.

 

HealthEquity is committed to your privacy as an applicant for employment.  For information on our privacy policies and practices, please visit HealthEquity Privacy.

Tags: Agile APIs Application security ASP.NET C CCSP CEH CISSP Cloud Computer Science CSSLP ECSA GWAPT Microservices Node.js OSCP OWASP Pentesting Privacy Python Scripting Scrum SQL Vulnerabilities XSS

Perks/benefits: 401(k) matching Career development Fitness / gym Flex vacation Health care Medical leave Parental leave Wellness

Regions: Remote/Anywhere North America
Country: United States
