Job details

Principal Associate, Application Security Engineer - job 2 of 2

We have an exciting opportunity for an Application Security Engineer to join our expanding team. Under the direction of the Manager of Software Security, this individual is a vital member of our Information Security team that will provide expertise in secure coding practices and the security of our applications. This position offers the opportunity to work closely with a vary talented group of Software Engineers to mature security practices that maintain the trust placed in the company and align with our business objectives. This position is an individual contributor role with responsibilities for software security across the organization.• Who We Are: *We're a $10+ billion, rapidly growing workforce solutions provider in the healthcare industry. We deliver tech-enabled services that help healthcare organizations meet and manage their contingent labor needs. We build and manage tech-enabled marketplaces for national and local healthcare talent and deliver contingent labor management solutions through our proprietary software platform.• Responsibilities: *Maintain relationships with software engineers, scrum masters, architects, and other security teams to incorporate security principles into the SDLC.Take part in architecture design reviews.Conduct vulnerability assessments and software composition analysis on applications within the organization to unveil concealed vulnerabilities in the code.Collaborate with development teams to remediate vulnerabilities.Develop and maintain security assessment procedures and guidelines.Develop security best practices to be used as security standards within Aya.Stay up to date on emerging threats that affect the security of Aya's software and applicationsAssist with training of Security Champions, when requiredRequired Qualifications:Bachelor's degree preferred, and/or equivalent experience5+ years' experience in software, product, or application securityFamiliarity with one or more programming languages, such as C#, PHP, Python, and JavaExperience with Agile Development MethodologiesUnderstanding and experience with OWASP Top 10 Risks, software security maturity models (such as SAMM or BSIMM), and secure software development lifecycle (SLDC) processes/techniquesExperience performing software threat modeling, such as STRIDESelf-starter requiring minimal supervisionStrong tendency to action and able to work in a fast paced environmentExperience in an Azure Environment are preferredIndustry certifications (Security+, GWAPT, OSCP, CISSP) are preferredWhat We Offer:Free premium medical, dental, life and vision insuranceGenerous 401(k) matchWe also offers other benefits to those that are eligible and where required by applicable law, including reimbursements and discretionary bonusesAya provides paid sick leave in accordance with all applicable state, federal, and local laws. Aya's general sick leave policy is that employees accrue one hour of paid sick leave for every 30 hours worked. However, to the extent any provisions of the statement above conflict with any applicable paid sick leave laws, the applicable paid sick leave laws are controllingCelebrations! We hit our goals and reward ourselves.Company-sponsored virtual events, happy hours and team-building activities are always on the horizon --- plus, you get a special treat on your birthday!

Capital One Glassdoor Company Review

4.2

Capital One DE&I Review

4.2

CEO of Capital One

Richard D. Fairbank

Approve of CEO

Average salary estimate

$100000 / YEARLY (est.)

min

max

$80000K

$120000K

If an employer mentions a salary or salary range on their job, we display it as an "Employer Estimate". If a job has no salary data, Rise displays an estimate if available.

What You Should Know About Principal Associate, Application Security Engineer, Capital One

Are you ready to elevate your career as a Principal Associate, Application Security Engineer at Aya? Located in the heart of Ettrick, VA, this is not just another job; it's an invitation to be part of a dynamic, rapidly growing team that's making waves in the healthcare industry. Here, you’ll join forces with highly skilled Software Engineers and the Manager of Software Security to enhance secure coding practices and safeguard our innovative applications. Your expertise will play a crucial role in maintaining the trust that healthcare organizations place in us while aligning with our overarching business goals. As an individual contributor, you’ll take charge of software security across the company, focusing on building strong relationships with various teams, conducting vulnerability assessments, and developing best practices for security standards at Aya. With over five years of experience in application security, along with familiarity in programming languages like C#, PHP, Python, and Java, you will leverage your knowledge of OWASP Top 10 Risks and secure software development lifecycle processes to lead and teach security strategies throughout the organization. Plus, you’ll benefit from a competitive package of resources and support, including free premium medical insurance and a generous 401(k) match. Joining Aya also means embracing celebrations and team-building experiences, ensuring that hard work is recognized and rewarded. If you're a proactive self-starter looking to make a significant impact whilst working in an exciting environment, then we want to hear from you!

Frequently Asked Questions (FAQs) for Principal Associate, Application Security Engineer Role at Capital One

What are the responsibilities of a Principal Associate, Application Security Engineer at Aya?

As a Principal Associate, Application Security Engineer at Aya, your key responsibilities will include maintaining relationships with software engineers and scrum masters while implementing security principles into the software development lifecycle (SDLC). You'll participate in architecture design reviews, conduct vulnerability assessments, and collaborate closely with development teams to remediate any identified vulnerabilities. Additionally, you'll develop and maintain security procedures, stay informed about emerging threats, and assist with training security champions across the organization.