Lead Application Security Engineer
Oscar is a health insurance company that is using technology to make quality health insurance more affordable. Every day, we are making a difference in people’s lives. We build intuitive and powerful systems for people who use our insurance, for our staff, and for others in the healthcare ecosystem. Security of these systems is paramount to us. People who use Oscar trust us with their confidential data, and we must honor their trust. We are looking for a passionate application security leader who is excited to take on significant responsibilities in this goal and help us build a world class security program.
As Lead Application Security Engineer, you will lead our application security efforts, partnering with our infrastructure engineering and software development teams to enhance the security of our systems and help others develop a keen eye for insecure code. Working as a direct report to our Head of Information Security, you will play a critical role in setting the course for application security initiatives, making strategic decisions, and building security into our systems and processes.
We believe in idea meritocracy and maintain an open communication environment where our team members are encouraged to contribute and where their contributions are valued. While we are looking for people with domain expertise who could hit the ground running, we encourage our staff to cut across multiple information security disciplines, so that they participate in a broader range of projects and grow professionally.
- 4+ years of work experience in application security
- Strong understanding of secure SDLC practices and the ability to implement them
- Expert knowledge of common web and mobile application security vulnerabilities
- Mastery of appsec-related concepts, such as authentication, data integrity, session management, access controls, and input/output handling
- 2+ years experience using a scripting and/or programming language (e.g. Python, Go, bash) and the ability to learn new languages
- Ability to recommend and implement best-in-class commercial and open source application security tools
- Ability to participate in design reviews and conduct code reviews with an eye for security vulnerabilities
- Ability to create strategic roadmaps for application security at Oscar and deliver on key results
- Ability to articulate and prioritize security risks related to specific processes
- A willingness to work collaboratively across the team and company
- Experience conducting application penetration tests
- Ability to submit production-quality code changes
- Ability to perform security assessments of third-party software
- A strong drive to figure out how things work and how to break them
At Oscar, being an Equal Opportunity Employer means more than upholding discrimination-free hiring practices. It means that we work to cultivate an environment where exceptional people can be their most authentic selves and find both belonging and support. We're on a mission to change healthcare -- an experience made whole by your unique background and perspectives.
Oscar applicants are considered solely based on their qualifications, without regard to an applicant’s disability or need for accommodation. Any Oscar applicant who requires reasonable accommodations during the application process should contact the Oscar Benefits Team ([email protected]) to make the need for an accommodation known.
Pay Transparency Policy: Oscar's Pay Transparency Policy ensures that you won't be discharged or discriminated against based on whether you've inquired about, discussed, or disclosed your pay. Read the full policy here.