Principal Application Security Engineer

Helix, Remote


You + Helix

Helix is a place where innovators and doers gather in order to drive significant progress in population genomics. We have come together to work at the intersection of clinical care, research, and genomics.  

If you’re excited by the idea of making a meaningful impact and joining a team where we pride ourselves on driving innovation through fostering an environment with an emphasis on empowering one another to grow, Helix might be the place for you!

Helix + The World

Our end-to-end population genomics platform enables health systems, life sciences companies, and payers to advance genomic research and accelerate the integration of genomic data into routine clinical care. We support all aspects of population genomics from recruitment to translational research and help our partners use genomics to improve health outcomes, increase patient engagement, and lower costs. Leading health systems, including Renown Health, AdventHealth, and Mayo Clinic, use our population genomics platform to power some of the world’s largest and fastest-growing population genomics initiatives.

For the COVID-19 public health crisis, Helix has built one of the nation’s largest COVID diagnostic labs and has been on the leading edge of national viral surveillance efforts tracking B.1.1.7 and other viral strains.  

What is special about this role:

You will join a passionate Enterprise IT and Security organization serving a variety of clients across a dynamic and growing company in an energizing environment. As an Application Security Principal, you’ll design and provide security solutions for Helix Products and Services, building solutions and features that scale and deliver near- and long-term value for engineering and product teams. You will be part of the IT & Security team and will report directly to the CISO & Head of IT.

You will be responsible for:

  • Work directly with Engineering and Product teams to enhance the Enterprise DevOps and App Dev tools ecosystem (planning, code management, test management, security analysis, and deployment) so that it aligns with industry-standard best-practice SDLC policies.
  • Leverage security automation toolset(s) (SAST/DAST/ASTO) to develop, build, and deploy at scale.
  • Influence and create new security designs, architectures, standards, and methods for product delivery infrastructure, including microservices deployments and containerization.
  • Participate in and drive application security review at all parts of the Software Development Lifecycle, including threat modeling, code review and dynamic testing.
  • Increase process automation maturity through DevOpsSec standard methodologies in product delivery (CI/CD) platform design, and process automations using SAST/DAST/ASTO capabilities.
  • Experienced in using CodeQL, an open source engine, or any commercial third-party SAST tool in the GitHub environment.
  • Experience in performing penetration tests. Deep knowledge of OWASP and the configuration and use of open-source security tools.
  • A track record of maintaining and improving skills in existing and emerging open-source technologies such as GitHub through training or self-research.
  • Excellent understanding of software development lifecycle (SDLC) patterns and implementation.


  • A minimum of 7+ years of experience in Application Security 
  • Experience with SaaS, Cloud services, and cloud-native technologies
  • Experience partnering with software engineering teams in an agile delivery model
  • Open-source and third-party software component analysis (SCA)
  • Experience with at least one scripting language (Bash, Lua, Python, etc.)
  • Threat Modeling and Secure Architecture Design 
  • Secure Developer Training experience
  • Implementing security automation in CI/CD and DevSecOps 
  • Public Security Disclosures and Vulnerability Response Management
  • Offensive security and pen-testing experience
  • A high level of empathy and excellent communication skills
  • Bachelor's or Master's degree in Security, Technology, or a relevant field, or equivalent work experience


  • Familiarity with working in a highly regulated environment (e.g., US NIST 800-53, ISO 27001, SOX, SOC 2 Type 2)
  • Experience in Cloud architecture security (e.g., Azure, AWS, GCP)
  • Experience utilizing GitHub product features, such as GitHub Actions
  • Industry standard certifications (OSCP, AWAE, etc.)
  • Experience and expertise using CodeQL as well as writing CodeQL queries

What Helix has to offer you:

Aside from working alongside brilliant, dedicated, passionate, down-to-earth, curious, warm, and thoughtful people, we also provide great benefits:

  • Competitive compensation and a comprehensive health insurance package, including employer-sponsored HSA
  • 12 weeks of Maternity or Paternity leave
  • 401(k) with employer matching and 100% vested on first day
  • Corporate fitness rate 
  • Comprehensive Well Being benefits
  • Catered meals 
  • Flexible PTO

Helix is proud to be an equal opportunity employer, and committed to providing employment opportunities regardless of race, religious creed, color, national origin, ancestry, physical disability, mental disability, medical condition, genetic information, marital status, sex, gender, gender identity, gender expression, pregnancy, childbirth and breastfeeding, age, sexual orientation, military or veteran status, or any other protected classification, in accordance with applicable federal, state, and local laws.

About Helix

WHAT WE'RE BUILDING

It’s our hope that by unlocking more genetic data (around 22,000 genes), every person will be able to make more informed choices and decisions about their health, fitness, nutrition, and more. And that’s why we’re creating the only destination where you can explore products developed by our high-quality partners and personalized by your DNA. From search and discovery to sequencing and storing your DNA, we’re here to guide you throughout your DNA discovery.

WHAT WE VALUE

It’s our mission to empower every person to improve their life through DNA. We believe in a world where everyone benefits from their biological information and is able to help all of humanity lead better lives.
