First Stop Health
We deliver care that people love. Members can talk with doctors or counselors 24/7 via app, website or phone.
Application Security Engineer
Location
Illinois
Posted
7 days ago
Salary
Not specified
Bachelor Degree, 5 yrs exp, English, AWS, Azure, Cloud, Firewalls, Google Cloud Platform, SDLC
Job Description
• Responsible for designing, implementing, and maintaining application security practices across the organization
• Partner closely with engineering, DevOps, and the broader Information Security team
• Embed security into the software development lifecycle (SDLC)
• Ensure applications are resilient against evolving threats
• Apply deep knowledge of application security architecture and design principles
• Review application architectures to identify security risks and recommend appropriate controls and mitigation strategies
• Design and implement secure coding standards, guidelines, and patterns aligned with industry best practices
• Lead and support the implementation of a secure SDLC
• Ensure security requirements are consistently applied across cloud, web, mobile, and API-based applications
• Perform and facilitate threat modeling exercises with development teams
• Conduct risk assessments and provide actionable guidance to reduce application-level security risk
• Lead application security assessments, including static and dynamic analysis, architecture reviews, and manual testing
• Perform and oversee code reviews to identify security vulnerabilities and design flaws
• Serve as a trusted security advisor to development teams
• Develop and deliver security training and awareness content for developers and technical stakeholders
• Monitor relevant threat intelligence sources related to application and software supply chain risks
Job Requirements
- Preferred Bachelor’s degree or equivalent practical experience
- Preferred Security+, Certified Application Security Engineer (CASE), Certified Secure Software Engineer Lifecycle Professional (CSSLP), etc.
- 5-8 years in information security, IT, or related technical roles
- Strong understanding of application security architecture, design principles, and secure coding practices
- Experience securing CI/CD pipelines and DevOps workflows
- In-depth knowledge of security best practices and industry standards (e.g., OWASP Top 10, CWE, NIST, ISO-aligned controls)
- Experience implementing and operating a secure SDLC in modern development environments
- Ability to conduct complex security assessments, including manual code reviews and architecture analysis
- Experience leading security assessments and penetration testing engagements
- Working knowledge of threat modeling methodologies and risk assessment techniques
- Strong knowledge of security principles and technologies (e.g., encryption, authentication, firewalls, IDS/IPS, incident response, EDR, etc.)
- Hands-on experience with SAST, DAST, SCA technologies such as Snyk, GitHub Advanced Security, etc.
- Familiarity with cloud platforms (AWS, Azure, or GCP) and associated security features and configurations
- Understanding of regulatory standards (GDPR, HIPAA, PCI-DSS, ISO 27001) and how they impact operations
- Strong analytical and problem-solving skills; able to identify risks and propose effective mitigations
- Excellent communication and collaboration skills
Benefits
- health and medical coverage options
- dental and vision coverage
- disability and life coverage
- medical waiver allowance
- remote-first work environment
- flexible paid time off, including Summer Fridays
- employer match 401k plan
- monthly phone stipend
- First Stop Health membership benefit