Application Security Principal

Quantum Health

Job Location:

Dublin, VA - USA

Monthly Salary: Not Disclosed

Posted on: 16 hours ago

Vacancies: 1 Vacancy

Job Summary

Description

Who we are

Founded in 1999 and headquartered in Central Ohio were a privately-owned independent healthcare navigation organization. We believe that no one should have to navigate the cost and complexity of healthcare alone and were on a mission to make healthcare simpler and more effective for our millions of members. Our big-hearted tech-savvy team fights to ensure that our members get the care they need when they need it at the most affordable cost thats why we call ourselves Healthcare Warriors.

Were committed to building diverse and inclusive teams more than 2000 of us and counting so if youre excited about this position we encourage you to apply even if your experience doesnt match every requirement.

About the role

The Application Security Principal is a senior hands-on security leader who reports directly to the Chief Information Security Officer (CISO) and is responsible for building operating and continuously improving the enterprise Application Security (AppSec) program. The role is deeply embedded within software engineering initiatives working side-by-side with development teams to enable secure-by-design and secure-by-default software delivery. This leader focuses on teaching mentoring and influencing engineers to write secure code and to effectively use modern AppSec tools and automation to reduce risk while maintaining delivery velocity. The role operates in a regulated healthcare environment and ensures alignment with HIPAA and HITRUST requirements.
Location: This position is located at our Dublin OH campus or may work remotely anywhere in the United States of America.

What youll do (Essential Responsibilities)

Create own and drive the enterprise Application Security program including vision strategy roadmap and operating model.
Embed within software engineering projects to provide hands-on guidance for secure design coding testing and deployment practices.
Teach mentor and lead software engineers to improve secure coding skills and security decision-making throughout the SDLC.
Define and operationalize a secure SDLC including threat modeling secure design reviews automated security testing and release controls.
Own and optimize application security tooling and workflows including Snyk SonarCloud GitHub Advanced Security GitHub Copilot Palisade and related CI/CD integrations.
Establish developer-friendly remediation workflows including prioritized findings fix guidance and automation where possible.
Partner with Engineering and Product leadership to align application security priorities with business objectives and delivery timelines.
Lead threat modeling and architectural risk assessments for new applications APIs and major enhancements.
Develop and track AppSec metrics and KPIs that demonstrate risk reduction coverage and program effectiveness.
Ensure application security controls and practices meet HIPAA Security Rule and HITRUST CSF requirements and support audit readiness.
Collaborate with infrastructure cloud and enterprise security teams on identity secrets management and secure platform patterns.
Support security incident response activities related to application vulnerabilities and contribute to root-cause analysis and long-term remediation.
Build and lead an application security champions or guild program to scale secure development practices across teams.
All other duties as assigned.

What youll bring (Qualifications)

Experience: Extensive experience designing and leading application security programs within complex enterprise environments.
Strong background in software engineering with the ability to read review and reason about code for security issues.
Hands-on experience integrating and operating modern AppSec tools such as Snyk SonarCloud GitHub Advanced Security and CI/CD pipelines.
Experience guiding developers in the effective and responsible use of AI-assisted development tools such as GitHub Copilot.
Deep understanding of secure SDLC principles threat modeling methodologies and common application vulnerability classes.
Experience securing cloud-native API-driven and microservices-based architectures.
Strong knowledge of healthcare regulatory requirements including HIPAA and HITRUST and their application to software development.
Proven ability to influence without authority and to build strong partnerships with engineering and product teams.
Excellent communication and teaching skills with the ability to translate security concepts into practical developer guidance.
Demonstrated leadership program management and strategic planning capabilities.
A high degree of personal accountability and trustworthiness a commitment to working within Quantum Healths policies values and ethics and protecting the sensitive data entrusted to us.

#LI-AK1 #LI-Hybrid #LI-Remote

Whats in it for you

Compensation: Competitive base and incentive compensation
Coverage: Health vision and dental featuring our best-in-class healthcare navigation services along with life insurance legal and identity protection adoption assistance EAP Teladoc services and more.
Retirement: 401(k) plan with up to 4% employer match and full vesting on day one.
Balance: Paid Time Off (PTO) 7 paid holidays parental leave volunteer days paid sabbaticals and more.
Development: Tuition reimbursement up to $5250 annually certification/continuing education reimbursement discounted higher education partnerships paid trainings and leadership development.
Culture: Recognition as a Best Place to Work for 15 years dedication to diversity philanthropy and sustainability and people-first values that drive every decision.
Environment: A modern workplace with a casual dress code open floor plans full-service dining free snacks and drinks complimentary 24/7 fitness center with group classes outdoor walking paths game room notary and dry-cleaning services and more!

What you should know

Internal Associates: Already a Healthcare Warrior Apply internally through Jobvite.
Process: Application > Phone Screen > Online Assessment(s) > Interview(s) > Offer > Background Check.
Diversity Equity and Inclusion: Quantum Health welcomes everyone. We value our diverse team and suppliers were committed to empowering our ERGs and were proud to be an equal opportunity employer .
Tobacco-Free Campus: To further enable the health and wellbeing of our associates and community Quantum Health maintains a tobacco-free environment. The use of all types of tobacco products is prohibited in all company facilities and on all company grounds.
Compensation Ranges: Compensation details published by job boards are estimates and not verified by Quantum Health. Details surrounding compensation will be disclosed throughout the interview process. Compensation offered is based on the candidates unique combination of experience and qualifications related to the position.
Sponsorship: Applicants must be legally authorized to work in the United States on a permanent and ongoing future basis without requiring sponsorship.
Agencies: Quantum Health does not accept unsolicited resumes or outreach from third-parties. Absent a signed MSA and request/approval from Talent Acquisition to submit candidates for a specific requisition we will not approve payment to any third party.

Reasonable Accommodation: Should you require reasonable accommodation(s) to participate in the application/interview/selection process or in order to complete the essential duties of the position upon acceptance of a job offer click here to submit a recruitment accommodation request.

Recruiting Scams: Unfortunately scams targeting job seekers are common. To protect our candidates we want to remind you that authorized representatives of Quantum Health will only contact you from an email address ending in @. Quantum Health will never ask for personally identifiable information such as Date of Birth (DOB) Social Security Number (SSN) banking/direct/tax details etc. via email or any other non-secure system nor will we instruct you to make any purchases related to your employment. If you believe youve encountered a recruiting scam report it to the Federal Trade Commission and your states Attorney General.

DescriptionWho we areFounded in 1999 and headquartered in Central Ohio were a privately-owned independent healthcare navigation organization. We believe that no one should have to navigate the cost and complexity of healthcare alone and were on a mission to make healthcare simpler and more effective...

Description

Who we are

About the role

What youll do (Essential Responsibilities)

Create own and drive the enterprise Application Security program including vision strategy roadmap and operating model.
Embed within software engineering projects to provide hands-on guidance for secure design coding testing and deployment practices.
Teach mentor and lead software engineers to improve secure coding skills and security decision-making throughout the SDLC.
Define and operationalize a secure SDLC including threat modeling secure design reviews automated security testing and release controls.
Own and optimize application security tooling and workflows including Snyk SonarCloud GitHub Advanced Security GitHub Copilot Palisade and related CI/CD integrations.
Establish developer-friendly remediation workflows including prioritized findings fix guidance and automation where possible.
Partner with Engineering and Product leadership to align application security priorities with business objectives and delivery timelines.
Lead threat modeling and architectural risk assessments for new applications APIs and major enhancements.
Develop and track AppSec metrics and KPIs that demonstrate risk reduction coverage and program effectiveness.
Ensure application security controls and practices meet HIPAA Security Rule and HITRUST CSF requirements and support audit readiness.
Collaborate with infrastructure cloud and enterprise security teams on identity secrets management and secure platform patterns.
Support security incident response activities related to application vulnerabilities and contribute to root-cause analysis and long-term remediation.
Build and lead an application security champions or guild program to scale secure development practices across teams.
All other duties as assigned.

What youll bring (Qualifications)

Experience: Extensive experience designing and leading application security programs within complex enterprise environments.
Strong background in software engineering with the ability to read review and reason about code for security issues.
Hands-on experience integrating and operating modern AppSec tools such as Snyk SonarCloud GitHub Advanced Security and CI/CD pipelines.
Experience guiding developers in the effective and responsible use of AI-assisted development tools such as GitHub Copilot.
Deep understanding of secure SDLC principles threat modeling methodologies and common application vulnerability classes.
Experience securing cloud-native API-driven and microservices-based architectures.
Strong knowledge of healthcare regulatory requirements including HIPAA and HITRUST and their application to software development.
Proven ability to influence without authority and to build strong partnerships with engineering and product teams.
Excellent communication and teaching skills with the ability to translate security concepts into practical developer guidance.
Demonstrated leadership program management and strategic planning capabilities.
A high degree of personal accountability and trustworthiness a commitment to working within Quantum Healths policies values and ethics and protecting the sensitive data entrusted to us.

#LI-AK1 #LI-Hybrid #LI-Remote

Whats in it for you

Compensation: Competitive base and incentive compensation
Coverage: Health vision and dental featuring our best-in-class healthcare navigation services along with life insurance legal and identity protection adoption assistance EAP Teladoc services and more.
Retirement: 401(k) plan with up to 4% employer match and full vesting on day one.
Balance: Paid Time Off (PTO) 7 paid holidays parental leave volunteer days paid sabbaticals and more.
Development: Tuition reimbursement up to $5250 annually certification/continuing education reimbursement discounted higher education partnerships paid trainings and leadership development.
Culture: Recognition as a Best Place to Work for 15 years dedication to diversity philanthropy and sustainability and people-first values that drive every decision.
Environment: A modern workplace with a casual dress code open floor plans full-service dining free snacks and drinks complimentary 24/7 fitness center with group classes outdoor walking paths game room notary and dry-cleaning services and more!

What you should know

Internal Associates: Already a Healthcare Warrior Apply internally through Jobvite.
Process: Application > Phone Screen > Online Assessment(s) > Interview(s) > Offer > Background Check.
Diversity Equity and Inclusion: Quantum Health welcomes everyone. We value our diverse team and suppliers were committed to empowering our ERGs and were proud to be an equal opportunity employer .
Tobacco-Free Campus: To further enable the health and wellbeing of our associates and community Quantum Health maintains a tobacco-free environment. The use of all types of tobacco products is prohibited in all company facilities and on all company grounds.
Compensation Ranges: Compensation details published by job boards are estimates and not verified by Quantum Health. Details surrounding compensation will be disclosed throughout the interview process. Compensation offered is based on the candidates unique combination of experience and qualifications related to the position.
Sponsorship: Applicants must be legally authorized to work in the United States on a permanent and ongoing future basis without requiring sponsorship.
Agencies: Quantum Health does not accept unsolicited resumes or outreach from third-parties. Absent a signed MSA and request/approval from Talent Acquisition to submit candidates for a specific requisition we will not approve payment to any third party.

Apply Now

About Company

Quantum Health

Quantum Health offers a uniquely powerful solution to drive healthcare navigation benefits performance while blending technology, cost savings, utilization, and member satisfaction.

View Profile View Profile

AI AutoApply

Apply to 100+ jobs with one click