Job Description

About the Role You will be joining our Application Development team managing the cyber security, infrastructure, and pipelines. You will work in a challenging, consumer-facing problem space, where you can make an immediate impact. You will get to work with the latest technologies, learn to use new tools and get the opportunity to have your say in the final product. Youll work alongside a great team in an open, collaborative environment. We are part of Vimo, a well-funded, stable mid-size company with excellent salaries, medical coverage, and perks. Vimo is an Equal Opportunity Employer. We are bringing modern technologies such as microservice based architecture, Kubernetes, cloud native development to the field of Health and Human Services in the Public Sector. Towards this, we are looking for multifaceted, multi-skilled cyber security experts who can help build out and enhance our platform while adopting many of these technologies. Senior Cyber Security Engineer Responsibilities: Collaborate with cross-functional teams to integrate security practices into the software development lifecycle. Must have one of the following certificates: CEH, Security+, or equivalent. Defines best practices, performs software security architecture, and design reviews, and supports the identification, interpretation, and remediation of vulnerabilities across various applications, programming languages and platforms. Supports development of technical security safeguards to protect information systems from intentional or accidental access/destruction Liaison between development teams and stakeholders to understand and formulate security requirements Defines, maintains, and enforces application security best practices. Conduct pen test assessment and manual/automated code reviews Demonstrate vulnerabilities to application owners and provide mitigation recommendations Experience with SAST, DAST, and OSA tools. Performs and conducts penetration tests and manual/automated code reviews Experience with any programming language like Java, .NET, C#, etc. Knowledge about Secure Coding best practices and OWASP top 10, SANS 25, CVE, etc. Identify AppSec related tools/conduct tool analysis, and provide recommendations Apply technical knowledge to analyze/develop, create, and implement process improvements, troubleshooting, and operational support Conduct regular security assessments and vulnerability scans on applications and infrastructure. Implement and manage security tools, such as static code analysis, dynamic application security testing (DAST), and container scanning. Automate security testing and monitoring processes to identify and remediate vulnerabilities. Maintain and improve security policies, procedures, and standards. Participate in incident response and root cause analysis. Provide guidance and training to development and operations teams on security best practices. Stay current with industry trends, emerging threats, and best practices in DevSecOps. Working in close collaboration with multi-functional teams Collaborate with clients and internal staff. Function within a team and be a self-directed individual contributor. Requirements & Qualifications: Degree in Computer Science or related field (Master / Bachelor level); Experience 7+ years Knowledge of Prisma cloud, SIEM, SOC, Nesus, Crowd strike, IDS/IPS, WAF, or similar services. Familiarity with API Security, Container Security, AWS Cloud Security. Knowledge of HIPPA, SOX, GDPR, and CCPA Standards and Policies and the associated certification and audit processes. Familiarity with Amazon AWS policy, configuration, and security management tools. Experience with security automation. Proven experience in software development and scripting (e.g., Python, Bash, PowerShell). Strong knowledge of DevOps and CI/CD concepts. Familiarity with cloud platforms (e.g., AWS, Azure, GCP). Experience with containerization and orchestration (e.g., Docker, Kubernetes). Knowledge of security frameworks and standards (e.g., OWASP, NIST). Understanding of encryption, authentication, and access control. Certifications such as CISM, CISSP, or Certified DevSecOps Engineer (CDSE) is a plus. Excellent problem-solving and communication skills. Strong attention to detail and a proactive mindset. Additional Experience We Would Love to Have Background in design and development of Technology for Government Health and Human Services Experience with design and development of SaaS solutions