Hi, we're Oscar. We're hiring a Senior Security Engineer, Application Security to join our Security team.
Oscar is the first health insurance company built around a full stack technology platform & a relentless focus on serving our members. We started Oscar in 2012 to create the kind of health insurance company we would want for ourselves: one that behaves like a doctor in the family.
About the role:
Taking care of our members includes securing their data. The mission of the Security team is to protect the data our customers have entrusted to us, & make it possible for Oscar management to make informed, risk-calibrated decisions.
As a Senior Security Engineer, you will work with other Security team members & partner cross-functionally with Engineering, IT, & SRE to ensure we have the data & tools needed to protect the confidentiality, integrity, & availability of Oscar's data & systems.
You will report into the Director of Detection & Response.
This is a remote role; you will work remotely in one of the following states: Arizona, California, Connecticut, Florida, Georgia, Illinois, Maryland, Massachusetts, Michigan, New Jersey, New York, North Carolina, Ohio, Pennsylvania, Tennessee, Texas, Utah, Virginia, or Washington. Note: this list of states is subject to change.
- Implement & tune application security tools with developer user experience in mind, such as SAST, DAST, & WAF
- Automate & integrate security processes & controls throughout our entire SDLC, from IDEs to source control systems to CI/CD pipelines to production deployments
- Define hardening & secure design standards & use them to perform application security reviews in partnership with developer teams
- Build positive relationships with partner teams in IS, DevOps, software engineering, & Product Management to continuously improve our application security strategies & priorities for protecting our customers & company
- Excellent time management & prioritization skills with a strong ability to plan, prioritize, & execute projects independently or in coordination with other teams
- Help create metrics to demonstrate the effectiveness of our application security program & inform continuous program improvements
- Report & communicate security issues & topics to technical & non-technical audiences, ranging from individual contributors to C-Suite executives
- Support the overall improvement of the security process & documentation in addressing the emerging threats
- Have 6+ years of career experience related to Application Security
- Knowledge of secure web application architecture patterns & common vulnerabilities (OWASP Top 10)
- Experience with database data access/management including Postgres & BigQuery
- Experience implementing application security tools (SAST, RASP, DAST, WAF)
- Experience implementing modern cloud infrastructure services in AWS & GCP
- Experience using containers & container orchestration technology (Mesos & Kubernetes)
- Experience with Terraform
- Prior work experience in a risk management capacity
- Prior work experience in or understanding of security challenges specific to the healthcare or health insurance industries
Life at Oscar:
At Oscar, being an Equal Opportunity Employer means more than upholding discrimination-free hiring practices. It means that we cultivate an environment where people can be their most authentic selves & find both belonging & support. We're on a mission to change health care -- an experience made whole by our unique backgrounds & perspectives.
We encourage our members to care for their whole selves, & we encourage our employees to do the same with comprehensive medical benefits, generous paid-time off, paid parental leave, retirement plans, company social events, stocked kitchens, wellness programs, & volunteer opportunities.
Oscar applicants are considered solely based on their qualifications, without regard to an applicant's disability or need for accommodation. Any Oscar applicant who requires reasonable accommodations during the application process should contact the Oscar Benefits Team (firstname.lastname@example.org) to make the need for an accommodation known.
Pay Transparency Policy:
Oscar ensures that you won't be discharged or discriminated against based on whether you've inquired about, discussed, or disclosed your pay. Read the full policy here.
COVID-19 vaccine requirements for in-person work:
To protect the health & safety of our employees, we require any employee conducting in-person work* to be fully vaccinated against COVID-19 by their start date.
If you are unable to be vaccinated due to medical or protected religious reasons, please reach out to our Benefits team at email@example.com to submit an accommodations request.
*Note: In-person work includes: employees required to work from our offices (either full-time or part-time), employees conducting sales work in the field & employees conducting at-home or in-person visits with members.