
Sr. Application Security Engineer

Position Description

The Sr. Application Security Engineer is a technology and process focused security professional with extensive experience in Development Operations, Software Engineering, Application Security and/or Information Security disciplines. This individual will be at the forefront of our security efforts, partnering closely with product and application developers to establish and elevate best practices for secure software development. They will advise, implement, and train teams on the processes, tools, and automation needed to fortify the SDLC and safeguard CAQH's products and applications.

The Sr. Application Security Engineer is a full-time, remote, exempt position and reports to the CISO.

Specific Responsibilities

  • Play a lead role in developing expert knowledge of Product Security, requirements, tools, and working methods across CAQH.
  • Ideate, communicate, and guide the implementation of complex vulnerability mitigation strategies to development teams.
  • Conduct manual and automated security assessments and code reviews to identify vulnerabilities within applications.
  • Collaborate with Product, Technology, and broader security teams to provide recommendations for solutions focused on decreasing business risks.
  • Perform threat modeling to identify potential security issues before they can be exploited. This involves understanding the attack surface of applications and predicting potential attack vectors.
  • Deliver reports on completed tests and document technical issues identified during the assessments.
  • Evaluate, select, and deploy security tooling to automate the detection of security vulnerabilities. This may include integrating security tools into continuous integration/continuous deployment (CI/CD) pipelines.
  • Lead or participate in the response to security incidents, including conducting post-mortem analysis to prevent future occurrences.
  • Ensure applications comply with relevant security standards and regulations. This may involve collaborating with auditors and performing regular security assessments.

Knowledge, Skills and Abilities

  • Understanding of containerization technologies.
  • Demonstrated expertise in product/application security architecture.
  • Experience with threat modeling, risk analysis and control design.
  • In-depth knowledge of network security, authentication, and authorization.
  • Experience with Security integration into CI/CD and experience in driving CI/CD adaptation for security controls.
  • Advanced understanding of vulnerability exploitation chaining, and vulnerability remediation.
  • Strong familiarity with software development lifecycle (SDLC) processes and source control technologies.
  • 7+ years of overall IT experience with a major emphasis on application security.
  • Development experience in any modern programming language (including but not limited to Python, C++, Rust, Go).
  • Strong knowledge of Cloud Providers (Azure).
  • Bachelor’s degree in computer science or a related field, or the equivalent combination of industry-related professional experience and education.
  • GWEB, CASE, CISSP, CSSLP certifications preferred.

Who We Are

Named one of Modern Healthcare’s “Best Places to Work,” CAQH has helped nearly 1,000 health plans, 2+ million providers, government entities and vendors connect, exchange information and operate more efficiently. CAQH technology-enabled solutions and its Committee on Operating Rules for Information Exchange (CORE) bring the healthcare industry together to make sharing business information more automated, predictable, and consistent. CAQH Insights researches opportunities to reduce the burden of manual processes in healthcare administration.

What You Get

CAQH recognizes that its most important asset is its growing team of smart, creative, collaborative, forward-thinking and passionate professionals – and that a comprehensive employee benefits package is an important factor for them in choosing where to work. CAQH offers competitive compensation along with an extensive benefits package for all full-time employees, including medical, dental and vision coverage, tuition assistance and a 401k. We offer full-time remote work to all staff from any location and maintain a physical office in downtown Washington, DC.

At CAQH, we are proud of our active commitment to Diversity, Equity, and Inclusion (DEI). Our DEI committee works diligently to foster an inclusive workplace where all individuals are valued, respected, and empowered. We embrace diverse perspectives and are dedicated to providing equal opportunities for everyone to thrive. Join us in our mission to transform healthcare through innovative technology solutions while making a positive impact on the lives of diverse communities.

CAQH is an equal opportunity employer. It is our policy to recruit, hire, train, and promote individuals, as well as administer any and all personnel actions, without regard to race, color, religion, sex, national origin or ancestry, age, marital status, disability, protected veteran status, personal appearance, sexual orientation, gender identity or expression, familial status, family responsibilities, matriculation, political affiliation, genetic information, source of income, place of residence, or any other characteristic protected by law. CAQH will not tolerate any unlawful discrimination and any such conduct is strictly prohibited.

Applicants have rights under the Family Medical Leave Act (FMLA), Equal Employment Opportunity (EEO), and the Employee Polygraph Protection Act (EPPA). If you are interested in applying for employment with CAQH and need an accommodation to apply for a posted position, contact CAQH Human Resources at 202-517-0436.