Applications Security
ESP - Barcelona, Spain
Teladoc Health
The telehealth solution more people and organizations trust for a full range of healthcare needs, with over 50 million virtual visits and 20 years of experience.
Position summary
Application Security is a pivotal role within our international information security organisation, with a focus on patients’ applications. You will be responsible for development and implementation across the Secure SDLC, with a direct impact on our development teams. Being a key contributor to the development teams requires broad knowledge of the technology stack, preferably in the healthcare industry. A developer-centric approach is essential, as you will be expected to empathize with and address the needs of our development teams, fostering a culture where security is ingrained in every aspect of our data workflows.
Roles and responsibilities:
Nobody meets all our requirements. If, however, you meet some of our main criteria below and have foundational information security knowledge in application development, we’ll be more than happy to meet you.
-Experience with Salesforce, Mulesoft and AWS environments
-Experience with application development security frameworks or guidelines like OWASP, SANS, ENISA, NIST, …
-Stay updated with the latest security threats and trends, particularly the OWASP Top 10 vulnerabilities
-Define and apply controls to security best practices (e.g., profiles, roles, permission sets) in Salesforce and other applications
-Ensure compliance with GDPR, ISO 27001, NIS2, and other regulations and standards
-Conduct security assessments and code reviews to identify vulnerabilities in applications
-Implement and manage security tools and continuous information security auditing: Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), IaC, container security, …
-Collaborate with development teams to integrate security best practices into the software development lifecycle (SDLC)
-Provide guidance and training to developers on secure coding practices
-Review and help remediate SOQL injection, Cross-Site Scripting (XSS), CSRF, insecure API exposures, and other vulnerabilities and error corrections
-Develop and maintain security documentation, including risk assessments and mitigation strategies
-Define logging and monitoring security needs
-Define encryption standards for compliance
-Define how API security should work and ensure connected apps (such as Mulesoft) are properly configured
-Conduct regular risk assessments and mitigate threats proactively
-Communicate security risks and solutions effectively to both technical and non-technical stakeholders
Skills requirements / preferences:
-Essential effective oral and written communication skills in English and Spanish
-Experience in the full software development lifecycle, from requirements gathering, design, software development and testing to retirement of systems
-Hands-on experience with AppSec tools and security configurations.
-Experience with CI/CD scripting.
-Familiar with security tools like PMD, Checkmarx, SonarQube, Burp Suite, Salesforce Security Health Check.
-Cloud & Infrastructure Security knowledge in AWS, Azure.
-Experience with DAST/SAST/IaC/SBOM tools.
-Experience with automation tools.
-Experience with hardening infrastructure
-Experience with containers and/or Kubernetes
Education requirements:
-A bachelor’s degree in computer science or comparable knowledge
Valuable certifications:
-Certified Secure Software Lifecycle Professional (CSSLP)
-Certified DevSecOps Professional (CDP)
-CISM, CISSP, or relevant security certifications