Sr. Application Security Engineer

Company: Quartet Health
Location: New York
Posted on: May 16, 2022

Job Description:

Company Description:Quartet is a leading tech-enabled behavioral health company that works with health plans, systems, and provider groups to deliver speed to quality behavioral health care for all. Through sophisticated data and analytics, along with personalized services, Quartet exists to advance quality care as defined by four measures: speed to care, seamless patient experiences, improved health outcomes, and affordability. The company is backed by venture funding from top investors including Oak HC/FT, GV (formerly Google Ventures), F-Prime Capital Partners, Polaris Partners, Deerfield Management, Echo Health Ventures, Centene Corporation, and Independence Health Group. We are deeply committed to growing a diverse team and an equitable and inclusive culture where all Quartetians are empowered to be themselves and do their best work. We know this is vital in realizing our mission to improve the lives of people with mental health conditions. As part of our commitment to building a diverse team, we have signed the Parity Pledge and actively encourage applicants of all backgrounds to apply. About the team & Opportunity: You will be part of our growing security team at Quartet Health. You will be tasked with the build-out of Quartet's security infrastructure, with a focus on automation, and eventually your focus will shift to day-to-day operations and break/fix. Accountabilities Design, test, and deploy various security solutions for Quartet's internal and external systems Implement effective methods in anomaly-based attack detection / prevention and attack surface reduction Automate the static code analysis (SCA) process to detect security vulnerabilities before code is deployed Promote secure coding practices within the application development teams Work on improvement of existing tools and development of new tools Qualifications - Minimum 3+ years working as a Security Analyst, Security Engineer (or comparable role), preferably in an AWS environment Experience with any of the following areas of compliance: (HIPAA, NIST 800-171, HITRUST) You are adept at using scripting languages to automate tasks (Python, AWK, Nodejs) You understand modern web application architecture (MVC using React / Angular) and how to secure it (OWASP) Have a solid understanding of common networking protocols and operations engineering (specifically MacOS and popular Linux variants) Qualifications - Preferred Familiarity with Open Source security tools (e.g. ELK stack) and common network services (LDAP, DNS, NTP, etc.) Familiarity with the following security domains: Incident Management/Forensics (primarily MacOS and Linux Ubuntu); Vulnerability Management (Tenable, Amazon Web-Services integrations); Application Security:Web-app security scanners (Burp Suite, Netsparker), Auditing code for vulnerabilities; Knowledge of security standards, principles, techniques, and technologies (OWASP, ISO27001, NIST 800-53, Common Criteria TSPs etc.) Employee Benefits for Quartet include: Unlimited vacation, volunteer opportunities, team events, mental healthcare coverage of 15 free therapy sessions + unlimited copay reimbursements, medical, dental + vision coverage, generous parental and military leave, commuter benefits, 401K, and stock option grants. Want to know what Quartet life is like? Click here to meet our team. Quartet actively encourages applicants of all backgrounds to apply and is proud to be an equal opportunity employer. We do not discriminate on the basis of race, color, ancestry, religion, national origin, sexual orientation, age, citizenship, marital or family status, disability, gender, gender identity or expression, pregnancy or caregiver status, veteran status, or any other legally protected status. To perform this job successfully, an individual must be able to perform essential job duties - reasonable accommodations may be made to enable qualified individuals with disabilities to perform essential job functions. If you require assistance in completing this application, interviewing, or otherwise participating in the employee selection process, please direct your inquiries to talent@quartethealth.com Please note: Quartet interview requests and job offers only originate from quartethealth.com email addresses (e.g. jsmith@quartethealth.com ). Quartet will also never ask for bank information (e.g. account and routing number), social security numbers, passwords, or other sensitive information to be delivered via email. If you receive a scam email or wish to report a security issue involving Quartet, please notify us at: security@quartethealth.com Have someone to refer? Email talent@quartethealth.com to submit their details to us.

Keywords: Quartet Health, New York , Sr. Application Security Engineer, Engineering , New York, New York