Ensora Health

Application Security Engineer

New York, NY, US

2 days ago

Summary

Ensora Health is the leading provider of software and services for mental and behavioral health therapists, trusted by over 200,000 individual providers and more than 28,000 practices. Our unmatched expertise, partnership, and breadth of products allow us to fine-tune solutions that meet the specific needs of everyone from solo practitioners to larger practices. With AI-enabled solutions that span practice management to electronic medical records and e-prescribing to billing, we help eliminate administrative complexity and create harmony between therapists, their clients, and the whole healthcare community.

Job Description

We are seeking a highly motivated and proactive Application Security Engineer to join our Security Organization. The ideal candidate will be a team player with a passion for building secure software systems and the technical expertise to mature and innovate our application security programs. This position involves close collaboration with Software Engineering teams, Risk & Compliance stakeholders, and leadership to ensure secure outcomes for our applications and infrastructure.

Responsibilities

  • Advocate for Secure SDLC Practices: Actively engage with software development and product teams to promote secure software development lifecycle (SDLC) activities.
  • Application Security Program Development: Manage and enhance the application security program through direct interaction with engineering teams, including attending scrum meetings and assisting with technical remediations.
  • Metrics and Stakeholder Communication: Define, develop, and present key application security metrics on a regular basis. Identify critical issues proactively and communicate them effectively to stakeholders.
  • Security Operations Leadership: Define strategies and processes, and oversee the operation of tools and methodologies such as SAST, SCA, DAST, and penetration testing across the application portfolio.
  • Continuous Improvement: Actively seek improvement opportunities for application security and penetration testing operations, as well as overall processes and activities.
  • Collaborative Security Design: Partner with architects and engineers to review and design security requirements for projects.
  • Risk Assessment and Advisory: Appropriately assess risks and provide software security advice during business decision-making.
  • Technical Expertise: Serve as a subject matter expert in penetration testing, vulnerability scanning, and exploit techniques across applications, networks, and cloud environments.
  • Vulnerability Management: Oversee vulnerability identification and prioritization while guiding development teams to address risks, including reviewing applications against OWASP Top 10 and other common flaws.
  • Policy and Compliance Collaboration: Work with Risk & Compliance teams on HIPAA, HITRUST, and other audits, providing expertise in policy development and compliance procedures.
  • CI/CD Integration: Design and integrate automated solutions, security guardrails, and policies into CI/CD pipelines and development lifecycles.
  • Developer Engagement: Build relationships with security champions and the broader developer community to ensure timely delivery of key initiatives.
  • Education and Awareness: Develop and support education and awareness strategies for the development community, fostering a culture of secure coding practices.

Qualifications

  • Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent experience.
  • 5+ years of experience in Application Security, with a focus on secure software development and penetration testing.
  • Expertise in application security testing methodologies, including SAST, SCA, DAST, and penetration testing.
  • Strong understanding of OWASP Top 10, common security vulnerabilities, and best practices.
  • Hands-on experience with security tools such as Microsoft Azure DevOps (ADO), GitHub, GitHub Advanced Security, Burp Suite, ZAP, Checkmarx, Veracode, or similar.
  • Experience with cloud security principles (AWS, Azure) and DevSecOps practices such as agile frameworks.
  • Familiarity with regulatory requirements such as HIPAA, HITRUST, and other compliance frameworks.
  • Proficiency in scripting and automation (Python, Bash, PowerShell, etc.).
  • Strong problem-solving skills and the ability to work independently and collaboratively.
  • Excellent communication skills to interact with both technical and non-technical stakeholders.
  • Hands-on experience with CI/CD pipeline security integrations.
  • Effective communicator with the ability to build strong relationships with technical and non-technical stakeholders.
  • Self-starter with a proactive approach to problem-solving and improvement.
  • This is a remote role with standard working hours aligned to Eastern Standard Time (EST).
  • Flexibility is required, as you may occasionally need to work outside regular hours to address incidents or other critical needs. This role will engage other stakeholders across the organization to drive change and promote security.
  • Security certifications such as CISSP, OSCP, CEH, or GWAPT preferred.
  • Experience integrating security tools into CI/CD pipelines preferred.
  • Previous experience working in a SaaS environment preferred, ideally in the healthcare sector.

Additional Information

While we've outlined some key qualities we typically seek, it's essential to remember that there might be additional unique strengths and talents you possess that would make you an exceptional match for us, even if they're not explicitly mentioned. Studies have consistently highlighted the significance of this principle, particularly for individuals from disenfranchised backgrounds, including women and other marginalized groups. These individuals often hesitate to apply unless they meet every single requirement, unlike their male counterparts who are more inclined to apply when they meet around 60% of the criteria.

The message we want to convey is that taking a leap of faith and applying can be incredibly rewarding. Your distinct abilities and perspectives could be exactly what we need to create a more diverse and inclusive team. So, don't hesitate—apply today and let's explore the exciting possibilities together!

All your information will be kept confidential according to EEO guidelines.

At Ensora Health, Diversity, Equity, Inclusion, and Belonging aren’t just words. We celebrate what makes us unique, foster an ecosystem of inclusion for all and harness our talents to promote diversity of thought and action in everything we do.

We instill Diversity, Equity, Inclusion, and Belonging into the fabric of our CARING culture and business, as we strive to be recognized not only as the leader in healthcare technology, but also for our intentional efforts to promote a diverse community.

We will champion non-discriminatory practices throughout the employee and customer lifecycle; caring for every person regardless of race, national origin, color, religion, disability, sex, orientation, or familial status.

Ensora Health is an equal opportunity employer.
