The Senior Application Security Engineer is responsible for ensuring the security of the organization’s business applications including business logic testing, code scanning and web application firewall. The individual will work closely with application development and production support teams to coordinate risk assessment, vulnerability analysis and remediation for business. This individual will also need to educate and assist application teams to adopt secure development best practices. The Senior Application Security Engineer will help define and drive the implementation of these capabilities and work to integrate application security processes within the SDLC and CI/CD processes.

• Application of secure code practices. Ensuring compliance with secure coding practices. Ensuring products and services are scanned for defects and security issues. Ensuring those defects and security issues are resolved. Coordination with DevOps, Software Engineering and Development teams on remediating defects that are related to security issues.
• Onboarding of applications into the web application firewall along with configuration and troubleshooting.
• Training Developers on secure code practices. Ensuring the SDLC includes secure coding methodology. Ensures that the user community understands and adheres to necessary procedures to maintain security.
• Performs root cause analysis of complex application security issues and provides recommendations to stakeholders on the best course of action to remedy the problem.
• Performs ongoing application security reviews to ensure compliance with internal security standards and regulatory requirements.
• Assist in responses to external audits, penetration tests and vulnerability assessments.
• Participate in on-call system administration support including but not limited to weekends, holidays and after-business hours as required to service the needs of the business.
• Interview, develop, coach, lead and retain top-tier talent, with a focus on building and improving a team and culture that is able to assist in employing best in class practices to support and drive high levels of internal and external customer satisfaction.
• Complete all responsibilities as outlined in the annual performance review and/or goal setting. 
• Complete all special projects and other duties as assigned.
• Must be able to perform duties with or without reasonable accommodation.

This job description is intended to describe the general nature and level of work being performed and is not to be construed as an exhaustive list of responsibilities, duties and skills required. This job description does not constitute an employment agreement and is subject to change as the needs of Cotiviti and requirements of the job change. 

• BS degree in Cyber Security/Computer Science/MIS, equivalent and a minimum of 8 years relevant industry experience.
• Experience with agile development methodologies (Scrum, Kanban, sprint iterative).
• Demonstrated passion for information security and application security.
• 8 years in application security with hands-on exposure to industry standard platforms like Veracode, Rapid7, WAF, Burp Suite and/or Fortify.
• Vulnerability management and remediation experience.
• Experience securing API’s
• Active involvement with practices emerging from OWASP, NIST and SANS
• Experience validating penetration test findings and recommending remediations.
• Demonstrated project management skills and ability to track and report progress against established milestones, metrics and deliverables.
• Excellent written communication skills, demonstrating the ability to write with purpose, clarity, and accuracy to both technical and non-technical audiences.
• Excellent aptitude for problem solving. Self-starter, team player, personable, enthusiastic, hardworking, and enjoy interfacing with external and internal customers on a day-to-day basis.

Preferred

• Hands-on experience administering a variety of secure code platforms with proven ability to run static and dynamic application security tests (SAST and DAST) and/or implementation/administration of web application firewalls (WAF).
• Security certification a plus (CISM, CISSP, CEH, OSCP).
• Demonstrated knowledge and understanding of Application Security trends and emerging technologies (Docker, Kubernetes, etc.).
• Experience in Java and/or .NET platforms.

Mental Requirements:

• Exceptional communication, problem-solving, and leadership skills.
• Advanced analysis, problem-resolution, judgment, and decision-making capabilities.
• Ability to prioritize and execute complex tasks in a high-pressure environment independently.
• Strong results orientation, initiative, attention to detail, and customer service focus.
• Expert time management skills, balancing daily operations, projects, and mentorship.
• Ability to independently prioritize, re-prioritize, and manage multiple complex tasks.

Working Conditions and Physical Requirements

• Remaining in a stationary position, often standing or sitting for prolonged periods.
• Communicating with others to exchange information.
• Repeating motions that may include the wrists, hands and/or fingers.
• Assessing the accuracy, neatness and thoroughness of the work assigned.
• No adverse environmental conditions expected.
• Must be able to provide a dedicated, secure work area.
• Must be able to provide high-speed internet access / connectivity and office setup and maintenance.

Base compensation ranges from $130,000 to $165,000. Specific offers are determined by various factors, such as experience, education, skills, certifications, and other business needs.

This role is eligible for discretionary bonus consideration

Cotiviti offers team members a competitive benefits package to address a wide range of personal and family needs, including medical, dental, vision, disability, and life insurance coverage, 401(k) savings plans, paid family leave, 9 paid holidays per year, and 17-27 days of Paid Time Off (PTO) per year, depending on specific level and length of service with Cotiviti. For information about our benefits package, please refer to our Careers page.

Since this job will be based remotely, all interviews will be conducted virtually.

Date of posting: xx/xx/xxxx

Applications are assessed on a rolling basis. We anticipate that the application window will close on xx/xx/xxxx, but the application window may change depending on the volume of applications received or close immediately if a qualified candidate is selected.

#senior

#LI-REMOTE

#LI-AK1