Req #201285

Application Security Engineer

Remote/Virtual

Application Security Engineer:

What’s Important in a Candidate

A desire to be part of something bigger than yourself – to positively impact those around you.

A deep love for learning and pursuit of excellence.

A commitment to work well with others – strive for better communication and collaboration.

Grit to get things done, improve processes. Try new things and fail. Get up. Succeed.

The ability to identify priorities and manage your time effectively.

An eye towards automation and resolve to execute on it.

Do these things resonate with you? Let’s talk. Don’t be intimidated by any fancy words below or the kitchen sink of what we are looking for. The above attributes are paramount.

About Castlight

Castlight Health, Inc. offers a comprehensive software-as-a-service platform that simplifies health benefits navigation for millions of employees. Our platform matches employees to the best resources their employers make available to them – whether they are healthy, actively seeking medical care, or managing a condition – and motivates them to take the best steps for their health. Castlight helps employers generate more value from their benefits investments by helping to improve outcomes, lower health care costs, and increase benefits satisfaction.

 

In 2022, Castlight merged with Vera Whole Health. Vera Whole Health is leading the critical shift to value-based care across the United States. Vera is the only care model with the capability to deliver whole system health to a diverse patient population from a single care center.

 

Castlight – Vera combined to create a groundbreaking new company dedicated to scaling value-based care in the commercial market. We are committed to driving increased member engagement, better health outcomes, and a reduced total cost of care.

 

The Castlight – Vera culture values and celebrates different backgrounds, perspectives, and points of view. We believe our diversity helps drive creativity and innovation. We strive to make everyone feel included, valued, and engaged; enable them to do their best work; and build their careers here at Castlight.


Castlight Health provides equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, pregnancy, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state or local law. In addition, Castlight Health will provide reasonable accommodations for qualified individuals with disabilities.

About the Role:

    You live and breathe application security.

    You enjoy collaborating with engineers and building out actionable policies and practices.

    You have experience with multiple frontend and backend frameworks and are comfortable identifying and resolving security issues.

    You are particularly deep in API security best practices.

    You have experience integrating threat modeling throughout the application development lifecycle.

    You have experience in application security specific to mobile applications.

    You believe in automation and almost nothing brings you the same level of joy as a well-tuned, purposeful CI/CD pipeline.

    You could explain DAST, SAST, IAST to our C-suite as well as help us make the best use of the appropriate technology.

    You aren’t afraid to pitch in for incident response and investigations and help use the lessons from our worst days to make our every day better.

You’ll be successful with the following qualifications:

Education:

    Bachelor’s Degree: Preferred

Licenses/Certifications:

The following certifications will help you stand out.

    SANS GWEB, GWAPT

    ISC CSSLP

    OSWE, CASE Java

Demonstrated Experience:

    Minimum of 1-3 years related work experience in application security, development or equivalent role.

    Building and breaking modern applications (SPAs, mobile apps, APIs, webhooks, etc.) in modern processing environments (CDN, WAF, API gateways, etc.).

    Establishing application security practices and technical pipelines, especially integrating useful controls in CI/CD pipelines in both on-premise and cloud environments.

    Working with engineering teams to balance ongoing product feature development and technology limitations with security concerns.

    Conducting or being the subject of privacy and/or security audits.

    Ability to produce high-quality documentation, reports, procedures and technical specifications to communicate with a wide range of stakeholders.

    Effective at engaging with teams in various functions and across different levels.

    Strong organizational skills and ability to prioritize and manage multiple projects simultaneously.

    Excellent analytical and writing skills with an emphasis on communicating complex issues across a wide audience.

    Experience working in an environment that processes PHI and with applicable standards, such as: NIST Privacy Framework, ISO/IEC 27701, ISO 27001, HIPAA, HITRUST, SOC 2.

Our Values:

One team. On a mission. Making things happen.

Diversity and Inclusion:

The Castlight culture values and celebrates different backgrounds, perspectives, and points of view. We believe our diversity helps drive creativity and innovation. We strive to make everyone feel included, valued, and engaged; enable them to do their best work; and build their careers here at Castlight. That is why diversity and inclusion are more than just words to us. Rather, they are a commitment to a culture where employees feel respected and empowered to share their ideas and deliver the best results.

About Castlight:

Castlight is on a mission to make it as easy as humanly possible to navigate healthcare and live happier, healthier, more productive lives. Our health navigation platform connects with hundreds of health vendors, benefits resources, and plan designs, giving rise to the world’s first comprehensive app for all health needs. We guide individuals—based on their unique profile—to the best resources available to them, whether they are healthy, chronically ill, or actively seeking medical care. In doing so, we help companies regain control over rising healthcare costs and get more value from their benefits investments. Castlight revolutionized the healthcare sector with the introduction of data-driven price transparency tools in 2008 and the first consumer-grade wellbeing platform in 2012. Today, Castlight serves as the health navigation platform for millions of people and is a trusted partner to many of the largest employers in the world. We are headquartered in San Francisco and can be found online at www.castlighthealth.com.

Castlight Health does not accept unsolicited assistance from recruitment search firms for employment opportunities. All resumes submitted by search firms to any employee at Castlight Health via email, the Internet or in any form and/or method without a signed search agreement on Castlight’s form in place ahead of time will be deemed the sole property of Castlight Health. In such cases, no fee will be paid or payable in the event the candidate is hired by Castlight as a result of the submission.