portal resources jobs companies i invitae senior application security engineer

Senior Application Security Engineer


Location: San Francisco, CA or Remote throughout US

Invitae is dedicated to bringing comprehensive genetic information into mainstream medicine to improve healthcare for billions of people. Our team is driven to make a difference for the patients we serve. We are leading the transformation of the genetics industry, by making genetic testing affordable and accessible for everyone to guide health decisions across all stages of life. 

Our Information Security Team is pushing the envelope on shift left strategies to ensure all software development and IT operations at Invitae adhere to security best practices from inception to implementation.  We’re looking for individuals passionate about furthering this vision and helping to redefine what state of the art means!

What you’ll do:

The Sr. Application Security Engineer will be responsible for: 

  • Ensuring web applications, APIs and cloud services are planned, designed, developed, implemented, and monitored in accordance with the Information Security Policy and associated HITRUST, HIPAA, PCI and SOX security controls
  • Developing, implementing and monitoring enterprise information security architectures and solutions. 
  • Designing and automating assessments through penetration testing and ethical hacking, then analyzing security risks and recommending mitigating and compensating security controls.
  • Working closely with the Security Operations Team to develop new incident response plans and playbooks related to web application security threats
  • Working closely with engineering and QA to ensure security principles are enforced in all stages of the software development lifecycle
  • Participating in source code reviews and providing assessments of changes to application design and architecture prior to release to production
  • Working closely with cross functional teams to embed security, logging, and auditing in all applications hosted within the corporate and cloud environments
  • Performing assessments of security tools, vendors and solutions to support information security roadmap initiatives
  • Developing and maintaining a program to deliver on demand training associated with high risk coding practices and detected software security vulnerabilities
  • Working closely with Security Governance & Compliance to develop and deliver required compliance training related to secure software development best practices
  • Performing internal penetration testing working closely with the engineering team to assess and prioritize discovered security issues and vulnerabilities
  • Maintaining and supporting application security tools, including static and dynamic security analysis solutions, and developing relevant documentation
  • Leading a cross functional team of security and engineering champions to mature software development practices throughout the organization based upon BSIMM guiding principles
  • Working closely with the CISO to develop metrics and dashboards for executive reporting on the progress and status of application security initiatives and objectives

What you bring:

  • Minimum 7+ years of experience in Information Security with an emphasis on application security
  • At least one security related certification, such as CISSP, GIAC, CSSLP, CEH required.  OSCP strongly preferred.
  • Experience with the development, deployment, and automation of application security solutions in an enterprise cloud based environment
  • Deep understanding of OWASP Top 10 and CWE/SANS Top 25
  • Demonstrated proficiency in ethical hacking and white hat penetration testing techniques
  • In-Depth knowledge of web application architecture, API development, and MVS frameworks required
  • Proven ability to manage priorities & deadlines and to work independently in a highly dynamic and diverse environment with multiple concurrent projects happening simultaneously. 
  • Demonstrated experience in investigating security issues related to web application exploits, credential stealing and authentication-based exploits
  • Familiar with threat models for large, distributed systems and cloud-based SaaS infrastructure

Preferred:

  • Experience in DevOps environments and maintaining security in CI/CD processes highly desired
  • Solid understanding of AWS architecture and services
  • Knowledge of technical security control environments and compliance frameworks including CSA CCM, ISO 270001 and SOC 2. Strong understanding of HITRUST highly desired.
  • Hands-on technical proficiency with Burp Suite, Metasploit and Kali Linux highly preferred.
  • Experience in creating detailed solution design documents & diagrams
  • Demonstrated ability to facilitate automation and integration through scripting highly preferred.
  • Demonstrated proficiency in JavaScript, HTML, React/Angular and Python.  Programming experience in Java, Go, Scala, Python, C++ or C highly preferred.

At Invitae, we value diversity and provide equal employment opportunities (EEO) to all employees and applicants without regard to race, color, religion, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. We will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of the San Francisco Fair Chance Ordinance.

 

#L1-HS1

#LI-Remote

Other jobs at Invitae

9 jobs in the last 60 days · 19 in total · avg 0.92 jobs/mo · 1214 job visits

Senior Application Security Engineer

Senior Application Security Engineer

Location: San Francisco, CA or Remote throughout US Invitae is dedicated to bringing comprehensive genetic information into mainstream medicine to improve healthcare for billions of people. Our team is driven to make a difference for the patients we

yesterday
Senior Application Security Engineer

Senior Application Security Engineer

Location: San Francisco, CA or Remote throughout US Invitae is dedicated to bringing comprehensive genetic information into mainstream medicine to improve healthcare for billions of people. Our team is driven to make a difference for the patients we

this week
Senior Application Security Engineer

Senior Application Security Engineer

Location: San Francisco, CA or Remote throughout US Invitae is dedicated to bringing comprehensive genetic information into mainstream medicine to improve healthcare for billions of people. Our team is driven to make a difference for the patients we

this week
Senior Application Security Engineer

Senior Application Security Engineer

Location: San Francisco, CA or Remote throughout US Invitae is dedicated to bringing comprehensive genetic information into mainstream medicine to improve healthcare for billions of people. Our team is driven to make a difference for the patients we

this week
Senior Application Security Engineer

Senior Application Security Engineer

Location: San Francisco, CA or Remote throughout US Invitae is dedicated to bringing comprehensive genetic information into mainstream medicine to improve healthcare for billions of people. Our team is driven to make a difference for the patients we

this week
Senior Application Security Engineer

Senior Application Security Engineer

Location: San Francisco, CA or Remote throughout US Invitae is dedicated to bringing comprehensive genetic information into mainstream medicine to improve healthcare for billions of people. Our team is driven to make a difference for the patients we

this week
Senior Application Security Engineer

Senior Application Security Engineer

Location: San Francisco, CA or Remote throughout US Invitae is dedicated to bringing comprehensive genetic information into mainstream medicine to improve healthcare for billions of people. Our team is driven to make a difference for the patients we

last week
Senior Manager, Cybersecurity Operations

Senior Manager, Cybersecurity Operations

Location: San Francisco, CA or Remote throughout US Invitae is dedicated to bringing comprehensive genetic information into mainstream medicine to improve healthcare for billions of people. Our team is driven to make a difference for the patients we

last week
Infrastructure Engineer (Data)

Infrastructure Engineer (Data)

Invitae is a healthcare technology company that leverages genetic information to empower doctors and patients to make informed medical decisions. Our software engineers work on a variety of projects ranging from innovations in healthcare systems to t

1 month ago
 Computational Biologist, Data Engineering

Computational Biologist, Data Engineering

Invitae is dedicated to bringing comprehensive genetic information into mainstream medicine to improve healthcare for billions of people.  Our team is driven to make a difference for the patients we serve.  We are leading the transformation of the ge

2 months ago
 Platform Infrastructure Engineer (Full-Stack)

Platform Infrastructure Engineer (Full-Stack)

Invitae is a rapidly growing genetic information company, whose mission is to bring comprehensive genetic information into mainstream medical practice to improve the quality of healthcare for billions of people.  The genetic testing space is moving

5 months ago
Senior Software Engineer - LIMS

Senior Software Engineer - LIMS

Invitae is a healthcare technology company that leverages genetic information to empower doctors and patients to make informed medical decisions. Our software engineers work on a variety of projects ranging from innovations in healthcare systems to t

over a year ago
Consumer Marketing Lead

Consumer Marketing Lead

CONSUMER MARKETING LEAD San Francisco, CA (preferred); will consider remote from other U.S. geographies as appropriate Invitae is a rapidly growing genetic testing company driven by the mission to expand access to high-quality, comprehensive, low-c

over a year ago
Consumer Marketing Lead

Consumer Marketing Lead

Consumer Marketing Lead San Francisco, CA (preferred); will consider remote from other U.S. geographies as appropriate Invitae is a rapidly growing genetic testing company driven by the mission to expand access to high-quality, comprehensive, low-c

over a year ago
Inside Sales Representative - Mexico

Inside Sales Representative - Mexico

INSIDE SALES REPRESENTATIVE MEXICO Location: remote US/Canada (prefer EST or CST) SUMMARY Invitae is seeking an Inside Sales Representative to cover the international region of Mexico. This position will be remote. The Inside Sales Representative

over a year ago
Client Relationship Manager - Israel

Client Relationship Manager - Israel

Client Relationship Manager - ISRAEL MUST SPEAK HEBREW  REGION: Remote position in EST (Boston MA, New York NY, Miami FL, Philadelphia, PA, Washington DC, New Jersey, West Bloomfield/Farmington Hills, MI) Invitae is a rapidly growing genetic testi

over a year ago
Clinical Bioinformatics Analyst, Medical Affairs

Clinical Bioinformatics Analyst, Medical Affairs

Office location – SF or remote Invitae is dedicated to bringing comprehensive genetic information into mainstream medicine to improve healthcare for billions of people. Our team is driven to make a difference for the patients we serve. We are leadin

over a year ago
Client Relationship Manager (CRM)- Partnerships (CST)

Client Relationship Manager (CRM)- Partnerships (CST)

Client Relationship Manager - Partnerships Remote based REGION: Central Time Zone Invitae is a rapidly growing genetic testing company driven by the mission to expand access to high-quality, comprehensive, low-cost genetic testing. To suppor

over a year ago
Technical Support Analyst

Technical Support Analyst

Invitae is dedicated to bringing comprehensive genetic information into mainstream medicine to improve healthcare for billions of people. Our team is driven to make a difference for the patients we serve. We are leading the transformation of the gene

over a year ago
Invitae