Senior Application Security Engineer at Invitae | Remote
Sorry, this job was removed at 11:29 a.m. (CST) on Monday, July 12, 2021

Location: San Francisco, CA or Remote throughout US

Invitae is dedicated to bringing comprehensive genetic information into mainstream medicine to improve healthcare for billions of people. Our team is driven to make a difference for the patients we serve. We are leading the transformation of the genetics industry by making genetic testing affordable and accessible for everyone to guide health decisions across all stages of life.

Our Information Security Team is pushing the envelope on shift-left strategies to ensure all software development and IT operations at Invitae adhere to security best practices from inception to implementation. We’re looking for individuals passionate about furthering this vision and helping to redefine what state of the art means!

What you’ll do:

The Sr. Application Security Engineer will be responsible for: 

  • Ensuring web applications, APIs and cloud services are planned, designed, developed, implemented, and monitored in accordance with the Information Security Policy and associated HITRUST, HIPAA, PCI and SOX security controls
  • Developing, implementing and monitoring enterprise information security architectures and solutions. 
  • Designing and automating assessments through penetration testing and ethical hacking, then analyzing security risks and recommending mitigating and compensating security controls.
  • Working closely with the Security Operations Team to develop new incident response plans and playbooks related to web application security threats
  • Working closely with engineering and QA to ensure security principles are enforced in all stages of the software development lifecycle
  • Participating in source code reviews and providing assessments of changes to application design and architecture prior to release to production
  • Working closely with cross-functional teams to embed security, logging, and auditing in all applications hosted within the corporate and cloud environments
  • Performing assessments of security tools, vendors and solutions to support information security roadmap initiatives
  • Developing and maintaining a program to deliver on-demand training associated with high-risk coding practices and detected software security vulnerabilities
  • Working closely with Security Governance & Compliance to develop and deliver required compliance training related to secure software development best practices
  • Performing internal penetration testing, working closely with the engineering team to assess and prioritize discovered security issues and vulnerabilities
  • Maintaining and supporting application security tools, including static and dynamic security analysis solutions, and developing relevant documentation
  • Leading a cross-functional team of security and engineering champions to mature software development practices throughout the organization based upon BSIMM guiding principles
  • Working closely with the CISO to develop metrics and dashboards for executive reporting on the progress and status of application security initiatives and objectives

What you bring:

  • Minimum 7+ years of experience in Information Security with an emphasis on application security
  • At least one security-related certification, such as CISSP, GIAC, CSSLP, or CEH, required. OSCP strongly preferred.
  • Experience with the development, deployment, and automation of application security solutions in an enterprise cloud-based environment
  • Deep understanding of OWASP Top 10 and CWE/SANS Top 25
  • Demonstrated proficiency in ethical hacking and white hat penetration testing techniques
  • In-depth knowledge of web application architecture, API development, and MVS frameworks required
  • Proven ability to manage priorities and deadlines and to work independently in a highly dynamic and diverse environment with multiple concurrent projects
  • Demonstrated experience in investigating security issues related to web application exploits, credential stealing and authentication-based exploits
  • Familiar with threat models for large, distributed systems and cloud-based SaaS infrastructure

Preferred:

  • Experience in DevOps environments and maintaining security in CI/CD processes highly desired
  • Solid understanding of AWS architecture and services
  • Knowledge of technical security control environments and compliance frameworks including CSA CCM, ISO 27001 and SOC 2. Strong understanding of HITRUST highly desired.
  • Hands-on technical proficiency with Burp Suite, Metasploit and Kali Linux highly preferred.
  • Experience in creating detailed solution design documents & diagrams
  • Demonstrated ability to facilitate automation and integration through scripting highly preferred.
  • Demonstrated proficiency in JavaScript, HTML, React/Angular and Python.  Programming experience in Java, Go, Scala, Python, C++ or C highly preferred.

At Invitae, we value diversity and provide equal employment opportunities (EEO) to all employees and applicants without regard to race, color, religion, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. We will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of the San Francisco Fair Chance Ordinance.


Technology we use

  • Engineering
    • Languages: C#, C++, Java, JavaScript, PHP, Python, SQL

Location

Situated in Austin's Central Business District, one block West of the Texas State Capitol.

What are Invitae Perks + Benefits

Invitae Benefits Overview

At Invitae, our employees are the key to our continued success. Our culture is one of our most important strengths: a set of commitments we make to each other and to our customers to build a world-class organization in service of our mission. That is why Invitae proudly offers a comprehensive perks and benefits program with choice and flexibility in mind.

Culture

  • Friends outside of work
  • Eat lunch together
  • Intracompany committees
  • Daily sync
  • Team owned deliverables
  • Team based strategic planning
  • Group brainstorming sessions
  • Open office floor plan

Diversity

  • Dedicated Diversity/Inclusion Staff
  • Unconscious bias training
  • Diversity manifesto
  • Someone's primary function is managing the company’s diversity and inclusion initiatives
  • Mean gender pay gap below 10%
  • Diversity Employee Resource Groups
  • Hiring Practices that Promote Diversity

Health Insurance & Wellness Benefits

  • Flexible Spending Account (FSA)
  • Disability Insurance
  • Dental Benefits
  • Vision Benefits
  • Health Insurance Benefits
  • Life Insurance
  • Pet Insurance
  • Wellness Programs
  • Team workouts
  • Mental Health Benefits

Retirement & Stock Options Benefits

  • 401(K)
  • Company Equity
  • Employee Stock Purchase Plan
  • Performance Bonus

Child Care & Parental Leave Benefits

  • Generous Parental Leave
  • Flexible Work Schedule
  • Remote Work Program
  • Family Medical Leave
  • Adoption Assistance
  • Return-to-work program post parental leave

Vacation & Time Off Benefits

  • Unlimited Vacation Policy
  • Sabbatical
  • Paid Holidays
  • Paid Sick Days

Perks & Discounts

  • Beer on Tap
  • Casual Dress
  • Commuter Benefits
  • Company Outings
  • Free Daily Meals
  • Game Room
  • Stocked Kitchen
  • Some Meals Provided
  • Happy Hours
  • Parking
  • Pet Friendly
  • Recreational Clubs
  • Home Office Stipend for Remote Employees

Professional Development Benefits

  • Job Training & Conferences
  • Diversity Program
  • Lunch and learns
  • Cross functional training encouraged
  • Promote from within
  • Mentorship program