“Making Healthcare Right. Together.” is the cornerstone of all we do. Our vision is that, through powerful relationships with Care Partners, we help all people live healthy and brighter lives. To successfully achieve our mission and vision as we operate in a dynamic health care environment, we expect Bright employees to embody and uphold our core values in work and interactions, both internal and external: be brave, be brilliant, be accountable, be inclusive, and be collaborative.
The Manager of the Application Security team is a member of the Bright Health Information Security Organization and is involved in building, maintaining and supporting public cloud security and engineering initiatives. This person will be required to work effectively and seamlessly with our engineering organization’s existing security, engineering and cloud operations. This role will be responsible for training, mentoring and managing security engineering talent.
- Manage security team members and all other assigned information security personnel
- Integrate security tools, standards, and processes into the product lifecycle (PLC).
- Ensure that developers and QA personnel are trained with the appropriate level of security knowledge to perform their daily activities
- Support the incident response and architecture review processes whenever application security expertise is needed
- Manage day-to-day security operations and engineering initiatives
- Mentor, train and develop security personnel
- Project manage team initiatives from planning to final project delivery
- Produce metrics reporting the state of application security programs and performance of development teams against requirements
EDUCATION, TRAINING, AND PROFESSIONAL EXPERIENCE
- Bachelor's degree in technical field (required), with Master's degree (preferred).
- 5+ years of team management experience
- 10+ years of application security work experience required.
- Competency in dynamic web application testing, SAST & DAST scanning
- Basic understanding of vulnerability management tools
- Strong understanding of OWASP Top 10
- Strong understanding of cloud architecture
- Familiarity with waterfall and agile development processes and experience integrating secure development practices into both models
- Familiarity with industry standards and regulations including HIPAA, SOC2, PCI, FFIEC, SOX, and ISO27001 is desired
- ISACA, (ISC)2, Offensive Security or relevant industry certifications preferred
We’re Making Healthcare Right. Together.
We've won some fun awards like Modern Healthcare and Forbes, etc. But more than anything, we're a group of people who are really dedicated to our mission in healthcare. Come join our team!
As an Equal Opportunity Employer, we welcome and employ a diverse employee group committed to meeting the needs of Bright Health, our consumers, and the communities we serve. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, national origin, protected veteran status, disability status, sexual orientation, gender identity or expression, marital status, genetic information, or any other characteristic protected by law.