Information Security Engineer (AppSec)

• Help define and implement a comprehensive application security program to protect the confidentiality, integrity, and availability of company assets
• Establish reuseable policy and procedures
• Serve as an authority on application security with development and operations teams
• Evaluate company attack surface to detect misconfigurations, vulnerabilities, or weaknesses requiring mitigation
• Partner with development teams to perform various code, credential, and SCA scans
• Design, implement, and automate reasonable controls in cloud CI/CD environments
• Support the creation and implementation of a red team function and partner with security operations to test detection capabilities and weaknesses
• Help define the scope for annual and periodic penetration assessments
• Actively participate in architectural discussions with other engineers and support staff on various information security topics such as ZTNA, observability, API security, and emergent technologies (AI/ML, etc.)
• Participate in the incident response process to support the identification, eradication, and recovery of systems.
• Create architecture and application documentation
• Help define procedures to formalize and mature application security
• Support various security projects and participate in solution selection and enhancements
• Be an active participant in building the information security program by evaluating and suggesting new solutions and ideas and championing the information security program

• 4-year Bachelor's degree or equivalent experience
• 4-7 years of IT and information security experience
• 2-3 years of development experience
• Strong understanding of information security best practices and security frameworks (NIST CSF, ISO 27001, ISO27005, CIS Controls, HITRUST, etc.) as they pertain to application security
• Working knowledge of the OWASP top 10
• Deep knowledge of databases, common operating systems (Windows/Linux), networking, application, and cloud environments
• CASE, CEH, AWS, or equivalent information security training and expertise
• Experience with HIPAA, DOL Information security best practices, international, federal, and state privacy laws
• Experience with C#, .NET, and JavaScript
• Developing, hardening, and securing APIs

• Ability to work with various IT and Business teams to address sensitive topics and risk
• Strong management and business communication skills
• Deep technical understanding and ability to apply it to complex technical and business solutions
• Expertise in project management and prioritization
• Highly motivated team player with a desire to improve the information security program
• Work in a hybrid remote work and office work environment

• Competitive pay
• Rich medical, vision and dental benefits with low premiums (we are the #1 health plan in Utah!)
• Rich retirement planning; including 401(k) company match, 8% Retirement Plus Plan (we just give you free money for retirement), life insurance, and full service Financial Planners onsite at no cost
• Generous paid leave plan that starts accruing your first day, your birthday off, additional sick leave and 11 paid holidays
• World class wellness program with health coaching, ability to earn 3 additional days off a year, fun activities and an onsite gym.
• Tuition reimbursement
• Career development through company sponsored programs and over 5000 on-demand online training courses.

Deseret Mutual Benefit Administrators