Senior Security Engineer, Application Security

---

Job description

Hi, we're Oscar. We're hiring a Senior Security Engineer, Application Security to join our Security team in our New York office.

Oscar is a technology-driven, consumer-focused health insurance startup founded in 2012 and headquartered in New York City. Our goal is to make health insurance simple, transparent, and human. We need your help to do so.

About the role:

• Taking care of our members includes securing their data. The mission of the Security team is to protect the data our customers have entrusted to us, and make it possible for Oscar management to make informed, risk-calibrated decisions.
• As a Senior Security Engineer, you will work with other Security team members and partner cross-functionally with Engineering, IT, and SRE to ensure we have the data and tools needed to protect the confidentiality, integrity, and availability of Oscar's data and systems.
• You will report into the Director of Detection and Response.

Responsibilities:

• Implement and tune application security tools with developer user experience in mind, such as SAST, DAST, and WAF
• Automate and integrate security processes and controls throughout our entire SDLC, from IDEs to source control systems to CI/CD pipelines to production deployments
• Define hardening and secure design standards and use them to perform application security reviews in partnership with developer teams
• Build positive relationships with partner teams in IS, DevOps, software engineering, and
• Product Management to continuously improve our application security strategies and priorities for protecting our customers and company
• Excellent time management and prioritization skills with a strong ability to plan, prioritize, and execute projects independently or in coordination with other teams
• Help create metrics to demonstrate the effectiveness of our application security program and inform continuous program improvements
• Report and communicate security issues and topics to technical and non-technical audiences, ranging from individual contributors to C-Suite executives
• Support the overall improvement of the security process and documentation in addressing the emerging threats

Requirements:

• Have 6+ years of career experience related to Application Security
• Knowledge of secure web application architecture patterns and common vulnerabilities
• (OWASP Top 10)
• Experience with database data access/management including Postgres and BigQuery
• Experience implementing application security tools (SAST, RASP, DAST, WAF)
• Experience developing software using JavaScript, Go, Python and Java
• Experience implementing modern cloud infrastructure services in AWS and GCP
• Experience using containers and container orchestration technology (Mesos and
• Kubernetes)
• Experience with Terraform

Bonus points:

• Prior work experience in a risk management capacity
• Prior work experience in or understanding of security challenges specific to the healthcare or health insurance industries