Clover is reinventing health insurance by working to keep people healthier.
We value diversity — in backgrounds and in experiences. Healthcare is a universal concern, and we need people from all backgrounds and swaths of life to help build the future of healthcare. Clover's Security & Solutions Engineering team is empathetic, caring, and supportive. We are deliberate and self-reflective about the kind of engineering team and culture that we are building, seeking engineers that are not only strong in their own aptitudes but care deeply about supporting each other's growth.
We are looking for a Senior Security Engineer with application security and web application development experience along with leadership skills. In this position, you will act as the lead application security engineer and should possess a deep understanding of the OWASP Top 10, CWE 25, Data Protection, Access management software vulnerabilities and best practices, as well as design and threat modeling knowledge. You should be excited to work in a dynamic environment where you will work with developers in producing secure code in short time frames and are willing to go beyond the standard routine.
As a Senior Security Engineer, you will:
Work as part of a team of software and security engineers to aide in designing, maintaining, and building best-in-class product security tools and services.
Act as the technical point of contact for product teams as it relates to automation, CI/CD, and Product Application security operations.
Build tools and automation scripts that help enable engineering teams to easily consume security services.
Be responsible for security product recommendations, QA, and Testing.
Build trusting relationships with product development teams.
Improve the accessibility of security through all available means.
Understand existing processes and identify how to improve and streamline them in order to improve team efficiency and effectiveness.
Configure security systems, analyze security requirements, and recommend improvements for existing projects.
Perform vulnerability and penetration testing, helping to identify and defend against threats.
Ensure that the company knows as much as possible, as quickly as possible about security incidents in products and services.
Write comprehensive reports including assessment-based findings, outcomes and suggestions for further system security enhancement.
Consult with peers, management, and executives about the best security practices and provide technical advice.
Prepare and document standard operating procedures.
Assist in other security-related duties and functions across the organization as-needed.
You will love this job if:
You enjoy a fast-paced and challenging environment where you will have the ability to directly impact company goals and objectives via your contributions to securing the organization.
You strive to promote security-centric approaches to all aspects of an organization.
You enjoy working in a cloud-based infrastructure and company environment.
You have the ability to effectively present and communicate security threats and risks to ANY audience and impress upon them the mitigation techniques and strategies.
You have strong problem solving and analytical skills; you are able to quickly digest any issue/problem encountered and can recommend an appropriate solution.
You are able to identify root-cause of issues and drive solutions from identification, research, remedy and completion, and are able to negotiate and bring consensus to diverse priorities of product development and solution teams.
You should get in touch if:
You have 5+ years of experience in Web Application Security, Secure SDLC and Threat Modeling.
You have a strong understanding of web applications, web servers, layer 7 application technologies, frameworks and protocols with respect to application development and deployment.
You are well versed in web application design, penetration testing, application risk assessment and risk categorization.
You have had previous success in implementing effective Secure SDLC frameworks across a large corporation.
You have experience in managing application security testing tools including SAST, DAST and Open Source Vulnerability Scanning.
You are familiar with waterfall and agile development processes and have experience integrating secure development practices into both models.
About Clover Health
We're a health insurance company on a mission to improve lives
At Clover Health, we’re working to solve the country’s most complex and expensive problem: improving healthcare. Clover Health is a Medicare Advantage insurer that combines technology and preventive care to lower costs and increase the quality of life for those who need it most.