Senior Cybersecurity Engineer

Job Title: Senior Cybersecurity Engineer - Development

Welldoc is seeking a highly skilled and experienced Senior Cybersecurity Engineer to be a crucial member of our Technology Development team. This role will be responsible for embedding security best practices throughout the software development lifecycle (SDLC) of our health management applications. The Senior Cybersecurity Engineer will collaborate closely with software engineers, product managers, and QA teams to design, implement, and maintain secure and resilient applications that safeguard sensitive patient data and comply with relevant healthcare regulations (e.g., HIPAA).

Responsibilities:

• Security Champion in SDLC: Integrate security considerations into all phases of the software development lifecycle, from requirements gathering and design to implementation, testing, and deployment.  
• Threat Modeling and Risk Assessment: Conduct thorough threat modeling exercises and security risk assessments for new and existing applications to identify potential vulnerabilities and recommend mitigation strategies.
• Secure Design and Architecture: Provide expert guidance on secure software design principles and architectural patterns to development teams, ensuring applications are built with security in mind.
• Code Review and Static/Dynamic Analysis: Perform security-focused code reviews and utilize static and dynamic application security testing (SAST/DAST) tools to identify and remediate security vulnerabilities in code.
• Vulnerability Management: Manage and track identified security vulnerabilities, prioritize remediation efforts, and work with development teams to implement timely fixes.
• Security Testing and Validation: Participate in and contribute to security testing activities, including penetration testing and vulnerability assessments, and ensure findings are addressed effectively.
• Security Automation: Identify opportunities to automate security testing and vulnerability management processes to improve efficiency and scalability.
• Cloud Security: Ensure the security of applications and data deployed in cloud environments (e.g., AWS, Azure, GCP), implementing and maintaining relevant security controls.
• Compliance and Regulatory Adherence: Maintain a strong understanding of relevant healthcare regulations (e.g., HIPAA, GDPR) and ensure applications comply with security and privacy requirements.
• Security Awareness and Training: Promote security awareness within the development team and contribute to the creation and delivery of security training materials.
• Security Tooling and Technologies: Evaluate, recommend, and implement security tools and technologies to enhance application security posture.
• Mentorship and Guidance: Mentor and provide guidance to junior development team members on secure coding practices and security principles.
• Collaboration and Communication: Effectively communicate security risks and recommendations to both technical and non-technical stakeholders.

Qualifications:

• Bachelor's degree in Computer Science, Cybersecurity, or a related field.  
• Minimum of 5-7 years of experience in application security, with a strong focus on secure software development practices.
• Deep understanding of common web application vulnerabilities (e.g., OWASP Top 10) and mitigation techniques.
• Proven experience with threat modeling methodologies and security risk assessment frameworks.
• Hands-on experience with static and dynamic application security testing (SAST/DAST) tools.
• Strong knowledge of secure coding principles and best practices in various programming languages (e.g., Java, Python, JavaScript, Swift, Kotlin).
• Experience securing cloud-based applications and infrastructure (e.g., AWS, Azure, GCP).
• Familiarity with healthcare regulations and compliance standards (e.g., HIPAA, GDPR).
• Excellent analytical, problem-solving, and communication skills.
• Ability to work independently and collaboratively within a fast-paced, agile development environment.  

Preferred Qualifications:

• Relevant security certifications (e.g., CISSP, CSSLP, CEH).
• Experience with security automation tools and techniques (DevSecOps).
• Experience with mobile application security (iOS and Android).