Application Security Engineer

Datavant

Job Location:

Galway - Ireland

Monthly Salary: Not Disclosed
Posted on: 11 hours ago
Vacancies: 1 Vacancy

Job Summary

Datavant is a data platform company and the world's leader in health data exchange. Our vision is that every healthcare decision is powered by the right data, at the right time, in the right format.

Our platform is powered by the largest, most diverse health data network in the U.S., enabling data to be secure, accessible and usable to inform better health decisions. Datavant is trusted by the world's leading life sciences companies, government agencies, and those who deliver and pay for care.

By joining Datavant today, you're stepping onto a high-performing, values-driven team. Together, we're rising to the challenge of tackling some of healthcare's most complex problems with technology-forward solutions. Datavanters bring a diversity of professional, educational and life experiences to realize our bold vision for healthcare.

What We're Looking For

As an Application Security Engineer, you will be responsible for identifying, assessing, analyzing, prioritizing and coordinating application security vulnerabilities across Datavant's IT infrastructure, business applications and cloud environments. You will have a strong technical background in the application security space, with SAST, SCA, container scanning, penetration testing, threat modeling, API security and pipeline integrations.

What You Will Do

  • Focus primarily on vulnerability assessment, scanning and prioritization in Datavant's infrastructure and applications, including those within the FedRAMP boundary, ensuring follow-up on vulnerability remediation efforts and managing risk effectively for the organization.
  • Engage heavily with product and engineering teams to assess all vulnerability risks and communicate to both technical and non-technical team members the risk level, impact and options for remediation and/or mitigation of risk.
  • Maintain and implement security scanning solutions in the SAST/SCA/Container Security/Cloud/Infrastructure scanning space.
  • Work on building and automating self-service dashboards in the vulnerability management space.
  • Prepare for and support annual FedRAMP 3PAO assessments by validating control evidence, resolving findings and reviewing audit artifacts.
  • Partner with GRC, Platform, Product and Engineering teams to translate compliance requirements into actionable technical tasks.
  • Help facilitate quarterly planning discussions by providing strategic prioritization of all security-related requests, including (but not limited to) architectural feedback, vulnerability remediation, compliance control implementation, etc.
  • Translate compliance control intent into modern engineering workflows. Rather than applying controls literally, decompose their requirements into their core assurance goals, then rebuild them as scalable, low-friction implementations that achieve the same assurance (or better) through automation, auditable development workflows and practical risk management.
  • Review application projects our development teams build. This will mean putting eyes on code through secure code reviews as well as working with the teams to understand the broad architecture of systems being built. You'll be very comfortable providing control feedback in a review environment to development teams. You'll be adept at applying your knowledge to practical risk management.
  • Own new projects for advancing security in our environment. Be the deep technical expert and collaborate with others on the teams to ensure project success. Your impact here cannot be understated: you are a core contributor and have deep influence to empower Datavant greatness.

What You Need to Succeed

  • Strong technical expertise and prior experience in the vulnerability assessment space
  • 3 years of working in vulnerability research, scanning and prioritization
  • 3 years of working with application security scanning for SAST, SCA and container scanning
  • Strong understanding of at least one programming language such as Python, Java, Golang, C# (or equivalent language)
  • Have a deep understanding of Application, Cloud and Container security. You'll use this knowledge to provide architectural reviews and contributions to our development teams
  • Have a strong understanding of security controls, both those that exist in audit standards and practical controls that can help reduce risk and increase safety in application development environments and AWS and/or Azure
  • Proven ability to automate/build solutions
  • Strong communication skills
  • You understand how the broad parts of a security team function and operate in unison
  • You can articulate start to finish what role security should play in ideation and build with development teams
  • You have opinions and options on most of the steps
  • You are a consummate collaborator; it's inherent in your work behavior
  • Ability to understand the tradeoffs between ideal security and what is necessary to appropriately secure a legacy system
  • You are heavily focused on delivery and being impactful; you understand how to operate and succeed in a very fast-paced environment where the security team should be a partner and enabler for the engineering team rather than a blocker
  • We lean deeply into individuals who have experience and practical knowledge of applying standards in low-friction ways
  • Broad-scoped projects don't scare you, they energize you. However, you like to get things done fast (and help others) with limited dependencies

What Helps You Stand Out

  • Ability to provide technical thought leadership in the application security space.
  • Strong understanding of risk
  • Prior hands-on experience building automated solutions specifically in the Vulnerability management space.
  • You are often viewed as the expert in the room for application security space.
  • Prior experience building and architecting secure solutions
  • You have experience with security in healthcare or another highly regulated space. Examples: HIPAA, HITRUST, SOC 2 and PCI experience from an operational response standpoint
  • Deep experience representing companies to government agencies for FedRAMP High and Moderate environments

To ensure the safety of patients and staff, many of our clients require post-offer health screenings and proof and/or completion of various vaccinations such as the flu shot, Tdap, COVID-19, etc. Any requests to be exempted from these requirements will be reviewed by Datavant Human Resources and determined on a case-by-case basis. Depending on the state in which you will be working, exemptions may be available on the basis of disability, medical contraindications to the vaccine or any of its components, pregnancy or pregnancy-related medical conditions, and/or religion.

This job is not eligible for employment sponsorship.

Datavant is committed to a work environment free from job discrimination. We are proud to be an Equal Employment Opportunity employer, and all qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, disability, veteran status or other legally protected status. To learn more about our commitment, please review our EEO Commitment Statement here. Know Your Rights: explore the resources available through the EEOC for more information regarding your legal rights. In addition, Datavant does not and will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed or disclosed their own pay.

At the end of this application, you will find a set of voluntary demographic questions. If you choose to respond, your answers will be anonymous and will help us identify areas for improvement in our recruitment process. (We can only see aggregate responses, not individual responses. In fact, we aren't even able to see whether you've responded.) Responding is entirely optional and will not affect your application or hiring process in any way.

Datavant is committed to working with and providing reasonable accommodations to individuals with physical and mental disabilities. If you need an accommodation while seeking employment, please request it here by selecting the Interview Accommodation Request category. You will need your requisition ID when submitting your request; you can find instructions for locating it here. Requests for reasonable accommodations will be reviewed on a case-by-case basis.

For more information about how we collect and use your data please review our .


Required Experience:

IC


Key Skills

  • Children Activity
  • EAM
  • Engineering Support
  • Maintenance Engineering
  • Accident Investigation
  • Branding