Cardinal Health Senior Applications Security Engineer in Michigan
We currently have a full-time job opening for a Senior Application Security Engineer. We are open to a remote worker for this role.
The Information Security organization is on a tremendous growth journey. We aim to be a world-class cybersecurity organization that enables Cardinal Health to be healthcare’s most trusted partner. We boast tremendous opportunities to grow and apply technical skills to meet organizational needs, empowering talented engineers who mentor and uplift others, led by leaders with a maniacal focus on employee development and well-being, dedicated training programs, and a fun, collaborative atmosphere.
As a part of our growth, we are investing heavily in Application Security to enable the enterprise to deliver products and services to our customers with security in mind. Traditionally Application Security was a function of Security Architecture. This new team’s sole function is dedicated to Application Security and is being created to reflect its importance to our organization.
The Web Applications Security Developer is a foundational member of the new Application Security team at Cardinal Health. This role will utilize one's Software Development experience to serve Cardinal Health's best interests by balancing security with software delivery.
Responsibilities include the following:
- Consulting with application teams on secure coding practices, software patterns, and tools
- Partnering with application teams to drive remediation of security gaps
- Monitoring organizational compliance with Application Security standards
- Defining application logging practices and standards
- Collaborating across Information Security to advocate for Application Security
- Building custom tooling when none exists to enable software teams to embed security into their processes
- Executing on the Application Security roadmap; aiding in defining/refining that roadmap with the leaders
- Leading and/or participating in business, culture, technical, and practice initiatives that support information security and continuous improvement
- Assisting the technical teams in identifying and remediating security vulnerabilities, including explaining to the teams the identified vulnerability, how it would be exploited, and how to properly defend against it
- Maintaining a clear understanding of what a Secure Software Development Lifecycle is and how to enable teams to effectively implement the appropriate controls (Threat Modeling, SAST, DAST, WAF, etc.)
- Driving and supporting the procurement and rollout of new or improved application security tools (e.g. scanning tools)
- Ability to conduct application security assessments (penetration tests, code reviews, threat models, infrastructure review, etc.)
- Give guidance including examples for the development teams to design and implement secure patterns
- Combine automated tools with manual testing to identify and validate vulnerabilities
- Regularly monitoring the security community for public-facing security issues, as well as to learn new tactics that can be used in testing
- Assist with third party information security assessments
- Monitor security trends and drive security best practices throughout the organization
- Evaluating, designing, testing, and recommending new or improved controls to keep current with industry standards and compliance requirements
Qualifications include the following:
- Bachelor's degree in a related field, or equivalent work experience
- Advanced work experience as a security engineer, software engineer with security experience or equivalent position
- SDLC and DevSecOps concepts such as CI/CD pipelines
- Strong understanding of cybersecurity and secure application development practices
- Experience with conducting application security assessments (penetration tests, code reviews, threat models, infrastructure review, etc.)
- Strong working understanding of Application Security (common app vulnerabilities as well as remediation and defense strategies)
- Understanding of Identity and Access Management protocols and technologies (FIDO, U2F, WebAuthn, SSO, SAML, OAuth, Federation, etc.)
- Awareness of common security vulnerabilities (e.g. the OWASP Top 10) and threats such as ransomware, with the ability to communicate remediation successfully to the business
- Experience advising and mentoring diverse teams where you do not have direct authority
- Familiarity with security frameworks associated with COBIT, COSO, HIPAA/HITECH, ISO, ITIL, NIST, PCI DSS, SOC and SOX
- Experience utilizing resources like OWASP, CWE Top 20, etc.
- Professional certification in the information security space (e.g. CISM, CISSP, CSSLP, GIAC) or other security certification at a similar level is a plus.
- Working knowledge of common vulnerabilities and attacks for both commercial applications and infrastructure (e.g. OWASP Top 10, CWE)
- Proficient understanding of security domains such as Application Security, Cloud Security, Cryptography, Authentication, Authorization, OAuth, SAML, etc.
- Knowledge of Secure Software Development Lifecycle (SDLC)
- Experience with application security tools such as SAST (Veracode, Checkmarx, Microfocus-Fortify, etc.) and DAST (Burp Suite, ZAP, HP-Fortify, AppSpider, etc.)
- Proficiency in multiple programming languages, expertise in at least one
- Java experience highly preferred
- Experience with RESTful web services
- Comfortable working with open-source technologies
- Proficiency in application/platform security
Cardinal Health supports an inclusive workplace that values diversity of thought, experience and background. We celebrate the power of our differences to create better solutions for our customers by ensuring employees can be their authentic selves each day. Cardinal Health is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, ancestry, age, physical or mental disability, sex, sexual orientation, gender identity/expression, pregnancy, veteran status, marital status, creed, status with regard to public assistance, genetic status or any other status protected by federal, state or local law.
The online application privacy notice is available at https://www.cardinalhealth.com/content/dam/corp/email/documents/corp/cardinal-health-online-application-privacy-policy.pdf
Cardinal Health is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or protected veteran status.