Security Software Engineer

WebMD is the most recognized and trusted brand of health information and the leading provider of health information services, serving consumers, physicians, healthcare professionals, employers and health plans through our public and private online portals and WebMD the Magazine. The WebMD Health Network includes WebMD, Medscape, MedicineNet, eMedicine, RxList, theheart.org and Medscape Education. Our consumer portals and mobile health applications provide engaging, relevant and credible health and wellness information, personalized health assessment tools and access to online communities.

WebMD is an Equal Opportunity/Affirmative Action employer and does not discriminate on the basis of race, ancestry, color, religion, sex, gender, age, marital status, sexual orientation, gender identity, national origin, medical condition, disability, veterans status, or any other basis protected by law.

Position Overview:We are looking for a software developer to join our software security engineering team and help enhance WebMD Health Services' internal security program with focus on application security testing, penetration testing, secure coding practices, and security awareness training.How do you know if this is the right role for you? If you:

• Have a love for all things cyber security, especially in the medical/healthcare sector
• Have strong analytical and problem-solving skills
• Have a naturally curious nature and love learning how things work
• Want to help design more secure software
• Believe in "shifting left" and using your knowledge and talent to train and empower other development teams in software security best practices

Your Skills and Experience:

• Languages: Efficiency in C#, Javascript, TypeScript, PowerShell, and SQL. Some knowledge of Java, Objective-C, and Swift is preferred but not required.
• Strong knowledge of web application security vulnerability types such as SQL Injection, Cross-site Scripting, Cross-site Request Forgery, Remote Code Execution, and Information Disclosure.
• Familiar with security testing software/tools such as Kali Linux, BurpSuite, nMap, NetCat, and Metasploit.
• Familiarity with networking concepts such as routing, subnetting, IDS/IPS, firewalls, IPv4/v6, and HTTP.
• Familiarity with information security related concepts such as symmetric and asymmetric encryption, public key infrastructure, Security Assertion Markup Language (SAML), and OpenPGP.
• Certifications: Any related to software design, networking, and information security such as CompTIA Security+/Network+, Certified Ethical Hacker, or Certified Secure Programmer are strongly preferred but not required.

Bonus:

• You've participated in some hacking competitions, capture-the-flags, or bug bounties.