Senior Application Security Engineer

Ohio (US) 1 - Remote 100%, United States

Covetrus is a global animal-health technology and services company dedicated to empowering veterinary practice partners to drive improved patient health and financial outcomes. Headquartered in Portland, Maine, with more than 5,000 employees and more than 100,000 global customers, our passion for the well-being of animals and those who care for them drives us to advance the world of veterinary medicine. In the USA, we bring together products, services, and technology into a single platform that connects our customers to the solutions and insights they need to work best. Now, our mission is to bring this technology to veterinarians and their clients worldwide. 

SUMMARY

As a member of the Application Security team, you will contribute to the culture and processes involved in securing the software development lifecycle. You will work closely with development teams to ensure the security of the software solutions they create and maintain. You will collaborate with stakeholders across the business, including engineering, quality, project management, IT, and DevOps. You will review and threat model designs, perform secure code reviews, automate security testing, analyze potential risks, and guide teams to avoid or mitigate those risks, ensuring software solutions protect Covetrus, our partners, and the pet parents who utilize our solutions.


ESSENTIAL DUTIES AND RESPONSIBILITIES:

  • Partner with product leaders to continually improve their security processes to keep security an integral part of the software development lifecycle.
  • Review feature designs providing security assessments, guidance on secure implementation best practices, and threat modelling of potential risks.
  • Participate in architectural design reviews providing secure best practices and guidance for individual components and infrastructure patterns.
  • Integrate new security test automations into build and release processes.
  • Expand existing automation rules and patterns to identify and prevent future occurrences of potential vulnerabilities.
  • Perform secure code reviews, leading engineering teams on resolution of discoveries.
  • Assist in training teams on application security principles.
  • Assist teams in reproducing and triaging application security vulnerabilities.
  • Establish and maintain documentation including mitigation guidance for specific vulnerabilities, risks, and project specific standards.
  • Verify security control implementations through manual penetration testing and various available security tools.

QUALIFICATIONS:

  • Bachelor’s degree in relevant field of study, or equivalent work experience.
  • 7+ years of experience in development, quality assurance, DevOps, or application security.
  • Expert knowledge of web application and cloud infrastructure vulnerabilities and ability to work with engineering and product teams to understand and protect against those vulnerabilities.
  • Proficiency with security controls, vulnerability assessments, and risk management methodologies.
  • Strong understanding of application security principles and how to defend against their abuse.
  • Experience with application security tools (SAST, DAST, SCA/SBOM, container analysis, infrastructure configuration management).
  • Experience identifying security issues through code review.
  • Familiarity with C#, Java, Python, React, Angular, AWS, OAuth2, Kubernetes, microservice architecture, CQRS, GraphQL.

COMPETENCIES (Skills and Abilities):

  • Strong interpersonal and communication skills to effectively collaborate remotely with stakeholders at all levels of the organization.
  • Proficient in threat modeling, risk assessment, defensive software development practices, and securing cloud infrastructure management.
  • Aptitude for identifying and automating manual processes to improve efficiency and scalability.
  • Attention to detail and a commitment to maintaining the highest standards of data security and privacy.
  • Familiarity with agile software development practices.
  • Information Security certifications encouraged.
  • Experience working in a regulated industry, such as healthcare or finance, is a plus.

PHYSICAL DEMANDS/WORK ENVIRONMENT

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

  • Remote working environment; or
  • Pet-friendly office environment
  • Extensive computer use

Covetrus is an equal opportunity/affirmative action employer. It does not discriminate against applicants or employees on the basis of race, color, religion, creed, national origin, ancestry, disability that can be reasonably accommodated with undue hardship, sex, sexual orientation, age, citizenship, marital or veteran status, or any other legally protected status.

Salary may vary depending on factors such as confirmed job-related skills, experience, and location.

However, the pay range for this position is as follows. Sales Positions are eligible for a Variable Incentive

$102,400.00 - $190,100.00

We offer the following benefits for you to take advantage of while you are here provided you meet the eligibility requirements under each governing program:

  • 401k savings & company match
  • Paid time off
  • Paid holidays
  • Maternity leave
  • Parental leave
  • Military leave
  • Other leaves of absence
  • Health, dental, and vision benefits
  • Health savings accounts
  • Flexible spending accounts
  • Life & disability benefits
  • Identity theft protection
  • Pet insurance
  • Certain positions may include eligibility for a short term incentive plan

Covetrus is an equal opportunity/affirmative action employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected Veteran status, age, or any other characteristic protected by law.


Tags: Agile Application security Automation AWS C Cloud DAST DevOps Finance Java Kubernetes Pentesting Privacy Python Risk assessment Risk management SAST SBOM SDLC Security assessment Vulnerabilities

Perks/benefits: 401(k) matching Flex hours Flex vacation Health care Insurance Parental leave Pet friendly

Regions: Remote/Anywhere North America
Country: United States
