Application Security Engineer

Location: Remote (For Non-Local) or Hybrid (Local to NYC area)

Position Summary:

As a application security engineer, you will help build and manage services that detect and automate the mitigation of cybersecurity threats across Capital Rx infrastructure. You will work with software engineers, DevOps engineers, and other security engineers across multiple teams to develop innovative security solutions.

Position Responsibilities:

• Lead large security engineering projects from design to conclusion.
• Have a deep understanding of secure coding in Python and Javascript languages
• Establish and collaborate on the standardization of security practices amongst the development teams.
• Drive strategic systemic solutions to solve, remediate, and automate recurring issues.
• Interface with internal partner teams to drive secure coding practices and adherence to modern application security principles.
• Design security into the SDLC pipeline to ensure developers receive early feedback around security practices.
• An internal evangelist of the DevSecOps paradigm.
• Evaluate new secure software solutions with internal partners.
• Write documentation for end-users as needed to facilitate growth and improvements.
• Evaluate, identify, and remediate risks associated with current vendors, new vendor acquisitions, and consumer data exchanges.
• Actively participate in SDLC code-to-cloud and cloud-to-code integrations.
• Help run Internal, external and vendor related red-team exercises.
• Conduct security analysis of AWS and deployed software and drive recommendations.
• Identify, maintain, and publish the requirements for the IT department to achieve compliance and privacy standards in SOC 2, HITRUST, FISMA, FedRamp, ISO 27001, and other standards.
• Assist in developing, tracking and report threat intelligence metrics and KPI�s to senior leadership.
• Experience with incident management and defense coordination against emerging cyber threats and critical vulnerabilities.
• Drive use cases to enable threat detection and hunting based on threat intelligence frameworks.
• Embrace Agile and Scrum practices and concepts.
• Coordinate with the team to ensure security alerts are monitored 24x7 via on-call rotation.
• Provide security consultation to teams across the company.

Required Qualifications:

• 3+ years secure coding experience in Python, React/Redux, JavaScript
• 3+ years designing secure software solutions.
• Extensive experience in AWS services related to security engineering.
• Experience in serverless application architecture.
• Experience writing and updating code via HashiCorp Terraform.
• Extensive experience with DLP, SIEM, DAST/SAST and cloud security vendors and services.
• A customer-oriented approach to problem resolution.
• Experience with Slack, Okta, Zoom, Teams, MDM, OneDrive, Lacework (or similar).
• Excellent written and verbal communication skills
• Highly self-motivated with an ability to work independently.
• Desire to work at a rapidly growing organization.
• Experience supporting remote users in a distributed environment.

Desired Qualifications:

• CACE
• CISSP
• CCSP
• AWS Security Specialty
• AWS Cloud Practitioner

Nothing in this position description restricts management�s right to assign or reassign duties and responsibilities to this job at any time.

About Capital Rx

Capital Rx is a full-service pharmacy benefit manager (PBM) and pharmacy benefit administrator (PBA), advancing our nation�s electronic healthcare infrastructure to improve drug price visibility and patient outcomes. As a Certified B Corp�, Capital Rx is executing its mission through the deployment of JUDI�, the company�s cloud-native enterprise health platform, and a Single-Ledger Model�, which increases visibility and reduces variability in drug prices. JUDI connects every aspect of the pharmacy ecosystem in one efficient, scalable platform, servicing millions of members for Medicare, Medicaid, and commercial plans. Together with its clients, Capital Rx is reimagining the administration of pharmacy benefits and rebuilding trust in healthcare.

Capital Rx values a diverse workplace and celebrates the diversity that each employee brings to the table. We are proud to provide equal employment opportunities to all employees and applicants for employment and prohibit discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, medical condition, genetic information, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

#LI-SE1