The Application Security Analyst helps improve and maintain the WPS application security program by serving and providing experienced guidance pertaining to secure web development design and testing. The resource will partner with DevOps, Engineering and Architecture teams to educate, evangelize, and validate secure development practices. Experience with secure software development design principles and secure testing is required for this position.
In this role you will:
Perform security activities, including security design reviews, threat modeling, code auditing on internally & externally developed software
Govern automated secure coding tools and processes (SAST, DAST)
Provide Application Security guidance and training to developers and testers for building resilient products
Perform penetration testing against web applications and hosting infrastructure
Produce security reports pertaining to vulnerability metrics found in testing efforts
Operate as incident responder for triage pertaining to web-based vulnerabilities
Manage 3rd-party security assessments for web applications and infrastructure
Leverage experience and understanding of application security standards, frameworks, attack methods, and mitigation best practices (e.g., OWASP, SANS, NIST)
Build, maintain, and enforce application security development policies, procedures & standards
Continuously improve program influence of modern application security principles in an Agile methodology
This role could be a good fit if you:
Possess excellent verbal and written communication skills and are able to navigate in an environment with both highly technical and highly nontechnical individuals
Have passion for technology, security and innovation
Want to work with a fast-paced project team
Enjoy working on Agile/Scrum development teams
Are driven to utilize your technical security expertise to increase the security posture at WPS
Like to work on multiple concurrent projects with high degrees of impact to the business
You'll benefit from this experience by:
Working in a highly complex highly security conscious environment that has a security umbrella that encompasses health Insurance, contract with Center for Medicare and Medicaid Service (CMS) and Department of Defense contracts that include, Tricare and VA
Working in an environment that serves our Nation's military, veterans, Guard and Reserves along with their families.
Assisting to develop an application security program from the ground up.
Assisting in the modernization and transition of legacy systems to cloud-based platforms.
You need to have:
U.S. citizenship is required for this position due to Department of Defense restrictions.
Bachelor's Degree in related field or equivalent post high school and/or related work experience
We also prefer:
1 or more years of experience in Static Code Analysis and Software Vulnerability Assessment.
Understanding of programming languages such as .Net, JavaScript, and Java.
Related Security and/or Audit certifications, such as:
Certified Ethical Hacker (CEH)
Offensive Security Certified Professional (OSCP)
Certified Associate in Software Testing (CAST)
Certified Information Systems Security Professional (CISSP)
A Comprehensive understanding of:
Static and dynamic code assessment tools.
Web Application Firewall concepts.
Fortify WebInspect
Tenable Security Center
OWASP Top 10 application vulnerabilities
working with 3rd party service vendors
HIPAA Privacy Rule
Compensation and Benefits
Eligible for annual Performance Bonus Program
401(k) with dollar-per-dollar match up to 6% of salary
Competitive paid time off
Health and dental insurance start DAY 1
Vision insurance
Flexible spending, dependent care, and health savings accounts
Short- and long-term disability, group life insurance
Dress for your day
Innovative professional and cognitive development programs
Who We Are
WPS Health Solutions is an innovator in health insurance and a worldwide leader in claims administration, serving millions of beneficiaries in the United States and abroad.
Founded in 1946, WPS offers health insurance plans for individuals, families, and seniors, and group plans for small and large businesses. We are a world-class claims processor and program administrator for the government's Medicare program. And we manage benefits for millions of active-duty and retired military personnel and their families.
Our purpose is to make healthcare easier for those we serve. Click Here
Our values - Customer Focused, Individual Responsibility, Mutual Respect, and Driven & Passionate - are the core of who we are and how we conduct business every day.
WPS Health Insurance
WPS Health Insurance offers high-quality health insurance plans for individuals and families, Medicare supplement plans for seniors, and group health plans for businesses of every size.
WPS Military and Veterans Health administers claims and provides customer service and related activities for the U.S. Department of Defense and the U.S. Department of Veterans Affairs and their beneficiaries.
WPS Government Health Administrators manages Medicare Part A and Part B benefits for more than 7 million beneficiaries. As one of the largest contractors for the Centers for Medicare & Medicare Services, we've served Medicare beneficiaries and their health care providers since 1966.
WPS Health Plan offers Health Maintenance Organization and Point-of-Service plans to the group and individual markets in eastern and north-central Wisconsin, plus third-party administrator services.
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)