Security Engineer - Remote
Pittsburgh, PA /
Software Development – Security Engineering /
SemanticBits is a leading company specializing in the design and development of digital health services, and the work we do is just as unique as the culture we’ve created. We develop cutting-edge solutions to complex problems for commercial, academic, and government organizations. The systems we develop are used in finding cures for deadly diseases, improving the quality of healthcare delivered to millions of people, and revolutionizing the healthcare industry on a nationwide scale. There is a meaningful connection between our work and the real people who benefit from it; and, as such, we create an environment in which new ideas and innovative strategies are encouraged. We are an established company with the mindset of a startup and we feel confident that we offer an employment experience unlike any other and that we set our employees up for professional success every day.
SemanticBits is looking for a Security Engineer to keep our business, users, and data safe by assuring the security of our applications and platforms. This will be a highly collaborative position, in which the right candidate works to secure existing applications and platforms, makes platform and security enhancements, and helps to scale our security program through automation, process improvement, and tool creation.
The selected candidate will be required to work on multiple products and must be able to develop and present secure solutions and advice to technical teams as well as leadership. The candidate will further be required to assess risks and advise on security standards, best practices, and solutions. All this must be done by maintaining security quality and customer satisfaction.
- Collaborating with various teams to secure new platforms/applications
- Implementing platform security and framework improvements
- Implementing analysis and monitoring tools
- Working with engineering and QA teams to build tools and scale security in a continuous deployment environment
- Assessing the security of applications, APIs, and platforms via penetration testing and code reviews
- Document System Security plan and Contingency Plans for related projects
- A Bachelor's degree or higher in Computer Science, Electrical Engineering, Information Assurance, Network Security Computer Engineering or a related field, or equivalent experience
- At least 5 years of experience in the following: NIST 800-53 security controls, Penetration Testing, System Hardening (blue team), Programming/Scripting (java, node, python, etc), Incident Response
- Strong knowledge to perform the following penetration testing: Static Analysis/Static Application Security Testing, Vulnerability Assessment/Scanning, Dynamic Analysis/Dynamic Application Security Test (DAST), Malicious Software Analysis
- Strong foundation in one or more of the following: Data management security, Authentication, Applied cryptography, Linux security, Network & Cloud security
- Advanced knowledge of Linux platforms
- Advanced knowledge of application mobile security tools
- Strong technical acumen securing software and hardwareUnderstanding of software development and working experience with any one of the higher level programming languages or scripting
- Familiarity and experience with security technologies such as security engineering, security architecture, cryptography, data security, risk management, identity and access management, communication and network security, security assessment and testing, software development security, security operations
- Familiarity and experience with popular open source security projects such as OWASP ZAP and Snort
- Thorough understanding of issues documents in the OWASP Top Ten and CWE Top 25
- Demonstrated ability to exploit and mitigate application-level vulnerabilities
- Strong understanding of cryptography as applied to web application security (encryption, hashing, PKI management), including analysis and implementation
- Experience using Linux/Unix at the command line for tasks related to web application development and deployment (DevOps)
One or more of the following certifications is preferred;OSCP, OSCE, OSWE, CISSP, GPEN, GXPN
Nice to Have
- Strong engineering background
- Application architecture experience
- Experience working in the healthcare industry
- Federal Government contracting work experience
- Prior experience working remotely full-time
Physical and emotional requirements for the job:
- This position is to be performed remotely from an individual’s home office and involves sedentary work. Employees in this role can be expected to exert up to 10 pounds of force on occasion in order to lift, carry, push, pull or otherwise move standard electronic equipment. Employees are expected to make decisions in a timely manner and display emotional intelligence during occasional stressful situations.
Three weeks of PTO
Ten paid holiday days
Comprehensive health benefits (medical with HSA option, dental, and vision)
401k retirement plan with matching benefit
100% paid short-term and long-term disability
100% paid life insurance
Flexible Spending Accounts (FSA)
Casual working environment
Flexible working hours
SemanticBits, LLC is an equal opportunity, affirmative action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, or any other characteristic protected by law. We are also a veteran-friendly employer.
If you are an individual with a disability and require a reasonable accommodation to complete any part of the application process, or are limited in the ability or unable to access or use this online application process and need an alternative method for applying, you may contact 703-787-9656 x257 or HR@semanticbits.com for assistance.