Cloud Security Engineer - REMOTE 

WHY YOU WANT TO WORK AT FLEXION:  

We’re looking for a Cloud Security Engineer with an unwavering passion for working in autonomous, self-directed teams to build and secure complex systems using lean, agile mindsets. You will deliver incremental business value with each sprint and enable options at all scales. For this project, you and your team will secure and enhance an enterprise platform that  improves the digital healthcare experiences for millions of Americans.

Flexion is an agile software company that’s been delivering excellence for over 24 years. Our company culture is built on autonomy, trust, and transparency. We empower teams to remain self-sufficient and self-directed by hiring people who can solve complex problems through collaboration—this means lending a hand and flexing your multi-skilled muscles (security and application engineering, DevOps, research, business analysis, information architecture, etc.) as needed. Every member within a cross-functional team is a leader who takes responsibility for the entire team’s success, which mirrors the company’s overall flat structure.  You will tackle a wide variety of technical problems and exercise and expand your full range of skills and experience

WHAT THE JOB LOOKS LIKE: 

You will be part of a multi-disciplinary, agile foundational components team that is tasked with improving devsecops practices for modernizing enterprise government systems in healthcare.  We strive to automate all the things and build the highest quality secure systems with modern, cloud-native tools and emerging technologies.  This team acts as consultants, advisors, and implementers to assist those program teams to improve in security, stability, reliability, scalability, usability, quality, and efficiency. The project work is primarily remote but may require some client on-site work estimated at <10%.

• Advance the state-of-the-art practice for information and application security engineering across Flexion and out clients.
• Consult with and advise security engineers on the client program teams on security best practices.
• Develop and enhance tools to extract metrics about the security posture of the program.
• Run different security scans as needed.
• Perform security code reviews and pair with teammates to ensure security best practices are followed throughout the entire development lifecycle.
• Contribute to the design and architecture of software and infrastructure to ensure projects meet goals for security, scalability, maintainability, availability, and resiliency and should be able to clearly articulate and present the implications of design/architectural decisions, issues, and plans to leadership.
• Facilitate technical designs, architecture and planning.
• Embrace and enhance agile engineering practices such as delivering small narrow slices of functionality, Test Driven Development, Continuous Integration/Continuous Deployment, and Infrastructure as Code.
• Swarm and pair with your team to design, code, test, debug, deploy and document secure software and infrastructure.
• Provide expert troubleshooting services and support product development and data teams as a diagnostic expert to understand and document incident root causes.
• Although you are a member of the foundational components team, you may work directly with other development teams as an “Embedded Liaison”. In this case, some of your time will be spent with your other team as a Liaison, while the rest is spent working with the foundational components team to build tools and solutions.
• In addition, you will work with other security engineers across the team on larger security initiatives to support the entire division.

WHY WE WANT TO HIRE YOU:

You thrive working in a dynamic environment and think, design, and code with the knowledge that things will change. You can design small pieces as you go, while still thinking about how they fit into the whole. You welcome change as a positive thing and never look at anything you deliver as “final.” You understand when “good enough” really IS good enough, without ever compromising on the overall product quality. You want to work with team members who challenge you every day. You demonstrate an unwavering commitment to automated code coverage. 

YOU HAVE: 

Extensive experience in Information Security, Cloud and Operations Security, Application Security, Threat Modeling and Risk Identification, Security Controls and Compliance, Pen testing, Dynamic and Static Scanning Tools.

The ability to facilitate the identification of relevant application security threats (Threat Modeling in particular) and to establish appropriate security control requirements and test plans.

Fluency with agile methods including Scrum.

Ability to write tested high-quality code efficiently

Demonstrated success in building design patterns and software engineering best practices

Experience with tools such as AWS Trusted Advisor and dynamic and static scanner analysis for heterogeneous code bases.

The ability to ensure that software and infrastructure is architected, designed, and implemented to avoid security-related logic flaws and other adverse security consequences.

Strong familiarity with OWASP Top 10 and ASVS, and the ability to train other engineers in the identification and remediation of application  vulnerabilities. 

The ability to provide guidance to other engineers on the appropriate selection and implementation of relevant application security controls.

Security and privacy knowhow sufficient to apply NIST RMF (800-43 rev 4) in application design and implementation

Application and understanding of assessing remediating STIG operating system and application baselines

Strong core Linux networking, shell scripting and administration skills

Knowledge and experience with several of the following:

• Engineering experience with Python, Javascript, Java and Terraform
• Experience with tools supporting DevSecOps and Continuous Delivery

Experience with Security Tools including: ZAP, Burp Suite, SonarCloud/SonarQube, Snyk, Nessus, SSL analysis tools, Packet analysis tools and AWS Security Hub.

A Bachelor’s degree (or higher) in Computer Science or a related field or equivalent experience

• 6+ years of experience

AT FLEXION, WE LIVE BY THESE PRINCIPLES:

• Speak openly and honestly with your colleagues and clients about problems and proposed solutions
• Welcome and handle changing requirements and priorities with little or no warning
• Collaborate online in small groups about 50% of the time
• Encourage simple and minimal solutions that keep options open
• Expect and vocally advocate for quality and security first
• Learn new practices and techniques as the situation demands
• Ensure the teams develop demonstrable software every week or two
• Do what needs to be done to deliver the product or project without ego or attitude
• Dig deep to find the root causes of problems so we can create the right solutions
• Relentlessly improve yourself, your team, and your processes

The most efficient way to reach our recruiting team is to submit your resume through the URL provided. If you have questions or would like more information about this job posting or if you’d like to know more about Flexion Inc. in general, please contact SALLY HARRIS at 608-205-8785.

 EQUAL EMPLOYMENT OPPORTUNITY/AFFIRMATIVE ACTION EMPLOYER

If you require a reasonable accommodation to complete any part of the application process, or are limited in the ability or unable to access or use this online application process and need an alternative method for applying, you may contact us at 608-205-8868 for assistance.

Required Skills Required Experience