Information Technology Applications Security Professional

UnitedHealth Group

(Santa Ana, California)
Full Time
Job Posting Details
About UnitedHealth Group
UnitedHealth Group is the most diversified health care company in the United States and a leader worldwide in helping people live healthier lives and helping to make the health system work better for everyone.
Responsibilities
* Provide expert advice and consultancy to customers on risk assessment, threat modeling and fixing vulnerabilities. * Work with development teams to carry out Application Security Reviews. * Conduct logical security audits and hands-on technical security evaluations and implementations * Perform security reviews of source code, stored procedures, and server/service configurations * Provide expert advice and consultancy to customers on risk assessment, threat modeling and fixing vulnerabilities. * Identify security issues and risks, and develop mitigation plans * Manage small projects, often with several team members * Ability to interact with technical and managerial clients * Develop and/or modify System Security Plans, Plan of Actions & Milestones, as well as other supporting documentation. * Participate in security compliance efforts (e.g., HIPAA, PCIDSS, SOX) * Provides analytical and technical security recommendations to other team members, * Educate developers on secure coding techniques and security best practices.
Ideal Candidate
**Required Qualifications:** * Bachelor's Degree in Computer Science or High School Diploma/ GED 4+ years of Professional Development experience required * 5+ years of hands-on application security experience * 7+ years of web application technologies, MVC, Ajax, XML, SOA, SSL, web-related protocols and services * 7+ years of experience of MS SQL. Basic knowledge of other commonly-used RDBMS * 3+ years of proficiency with the Microsoft Office suite * 5+ years of Windows and Linux operating systems knowledge at advanced user level * 7+ years of Hands-on development experience and thorough understanding of object-oriented programming, preferably Java, C#, ASP.NET * 3+ years of experience in vulnerability testing and auditing **Preferred Requirements:** * Master’s Degree preferred * Proficiency writing secure code * Experience working with development team(s) that delivered commercial software or software-based services (development, QA testing, or security role). * Knowledge of and experience working with common application security tools (Fortify, AppScan, WebInspect, etc.) * Ability to identify security vulnerabilities from source code reviews and testing * Knowledge of encryption technologies, secure communications, and secure credentials management * Advanced knowledge of common application vulnerabilities, (e.g.: XSS, CSRF, SQL injection, cookie/header/encoding manipulation, input/output validation, session replay). * Advanced experience with at least one scripting language (e.g.: Perl, Python) * Conceptual understanding of software development principles and SDLC models, Agile experience is a plus * Intermediate proficiency with C/C++ or Java. Experience with lower-level languages (Assembly), debug and reverse-engineering tools (IDA, etc.) is a plus * Prior code audit/application penetration testing * Security Certification preferred (e.g. CISSP) * Knowledge of secure development practices and techniques including OWASP Top Ten.

Questions

Answered by on
This question has not been answered
Answered by on

There are no answered questions, sign up or login to ask a question

Want to see jobs that are matched to you?

DreamHire recommends you jobs that fit your
skills, experiences, career goals, and more.