Security Software Engineer

| Austin

Position Summary –
As a Security Developer you will be working with key stakeholders like R&D, product owners, business owners and enterprise security leadership. The primary goal is to work on ensuring identified security issues across different product families and infrastructure are resolved either with code fixes and/or configuration changes as appropriate. You will have the opportunity to learn about and create hardening different components of the technical stack used to develop and deploy applications on the internal private cloud and public clouds like AWS and Azure. Your skills will be relied on to provide engineering and product teams with security expertise to increasingly secure our products.


Responsibilities may include, but are not limited to:

  • Responsible for leading, assisting resolution of identified security issues, when appropriate resolving the issues via code changes, configuration changes etc
  • Works with key stakeholders including enterprise security leadership to track open issues and follow up to resolution
  • Ensures scan and pen test results are analyzed in a timely manner and captured in the bug tracking system to enable review and prioritization
  • Categorizes issues per the pre-defined process and works with key stakeholders like product management, R&D and business owners to ensure resolution
  • Works with key stakeholders like Dev Ops, Infrastructure et al to build security hardened tech stacks are used for development and production

Education, Experience, and Skills Required:
Must have:

  • Bachelors degree in Computer Science, IT, IS, Cyber Security or similar
  • At least 5 years of strong programming background with at 1-2 years as a Security Developer
  • Experience working with modern web application frameworks like JavaScript with Node.JS, .Net Framework, and scripting languages like Perl, Python etc
  • Solid understanding of the web services world including RESTful services, Service Bus architectures, using JSON etc
  • Experience in understanding and resolving security issues, preferably in the healthcare context
  • Maintained current knowledge of HIPAA, HITRUST, PCI-DSS requirements
  • Skilled at applying advanced risk management techniques to defeat advanced attackers
  • Experience in software and product development, product security, security issue prevention and mitigation strategies

Ideally, you will also have:

  • Strong knowledge of programming languages – Java, Perl, Python, JavaScript, Node.JS
  • 3 years of experience with assessing threats, risk, and vulnerabilities, while working with internal/external pen testing teams
  • 3 years of experiences working with OWASP, SANS Standards or OSSTM and experience with COTS security products
  • Familiarity with threat modeling while reviewing designs and architectures
  • Knowledge of key security technologies like OAuth, SAML, etc.
  • Experience with Static and Dynamic Code Analysis tools like HP Fortify, HP WebInspect, IBM AppScan, VeraCode, Coverity etc.
  • Working knowledge of Secure Development Lifecycle practices in an Agile development environment
  • Experience with working with private cloud and public cloud including when using AWS, Azure etc

Behaviors & Abilities Required:

  • Zeal to learn
  • Debugging issues/behaviors
  • Clear communications
  • Effective collaborator
  • Good team player
  • Lead or follow as needed

Key words: Software security, Vulnerability Resolution, OWASP, Secure Coding; Product Security

Position Summary –
As a Security Developer you will be working with key stakeholders like R&D, product owners, business owners and enterprise security leadership. The primary goal is to work on ensuring identified security issues across different product families and infrastructure are resolved either with code fixes and/or configuration changes as appropriate. You will have the opportunity to learn about and create hardening different components of the technical stack used to develop and deploy applications on the internal private cloud and public clouds like AWS and Azure. Your skills will be relied on to provide engineering and product teams with security expertise to increasingly secure our products.


Responsibilities may include, but are not limited to:

  • Responsible for leading, assisting resolution of identified security issues, when appropriate resolving the issues via code changes, configuration changes etc
  • Works with key stakeholders including enterprise security leadership to track open issues and follow up to resolution
  • Ensures scan and pen test results are analyzed in a timely manner and captured in the bug tracking system to enable review and prioritization
  • Categorizes issues per the pre-defined process and works with key stakeholders like product management, R&D and business owners to ensure resolution
  • Works with key stakeholders like Dev Ops, Infrastructure et al to build security hardened tech stacks are used for development and production

Education, Experience, and Skills Required:
Must have:

  • Bachelors degree in Computer Science, IT, IS, Cyber Security or similar
  • At least 5 years of strong programming background with at 1-2 years as a Security Developer
  • Experience working with modern web application frameworks like JavaScript with Node.JS, .Net Framework, and scripting languages like Perl, Python etc
  • Solid understanding of the web services world including RESTful services, Service Bus architectures, using JSON etc
  • Experience in understanding and resolving security issues, preferably in the healthcare context
  • Maintained current knowledge of HIPAA, HITRUST, PCI-DSS requirements
  • Skilled at applying advanced risk management techniques to defeat advanced attackers
  • Experience in software and product development, product security, security issue prevention and mitigation strategies

Ideally, you will also have:

  • Strong knowledge of programming languages – Java, Perl, Python, JavaScript, Node.JS
  • 3 years of experience with assessing threats, risk, and vulnerabilities, while working with internal/external pen testing teams
  • 3 years of experiences working with OWASP, SANS Standards or OSSTM and experience with COTS security products
  • Familiarity with threat modeling while reviewing designs and architectures
  • Knowledge of key security technologies like OAuth, SAML, etc.
  • Experience with Static and Dynamic Code Analysis tools like HP Fortify, HP WebInspect, IBM AppScan, VeraCode, Coverity etc.
  • Working knowledge of Secure Development Lifecycle practices in an Agile development environment
  • Experience with working with private cloud and public cloud including when using AWS, Azure etc

Behaviors & Abilities Required:

  • Zeal to learn
  • Debugging issues/behaviors
  • Clear communications
  • Effective collaborator
  • Good team player
  • Lead or follow as needed

Key words: Software security, Vulnerability Resolution, OWASP, Secure Coding; Product Security

Read Full Job Description

Location

800 W Cesar Chavez St , Austin, TX 78701
800 W Cesar Chavez St , Austin, TX 78701

Perks of working here

401(K) Matching
Casual Dress
Dental
Generous PTO
Health Benefits
Generous Parental Leave
Vision
Volunteering Opportunities
More Jobs at athenahealth10 open jobs
All
Design + UX
Developer + Engineer
Product
Content
Developer + Engineer
athenahealth
Developer + Engineer
athenahealth
Developer + Engineer
athenahealth
Design + UX
athenahealth
Product
athenahealth
Developer + Engineer
athenahealth
Developer + Engineer
athenahealth
Developer + Engineer
athenahealth
Developer + Engineer
athenahealth