Information Technology Applications Security Professional

UnitedHealth Group

(Minnetonka, Minnesota)

Full Time

Job Posting Details

About UnitedHealth Group

UnitedHealth Group is the most diversified health care company in the United States and a leader worldwide in helping people live healthier lives and helping to make the health system work better for everyone.

Responsibilities

* Provide expert advice and consultancy to customers on risk assessment, threat modeling and fixing vulnerabilities.
* Work with development teams to carry out Application Security Reviews.
* Conduct logical security audits and hands-on technical security evaluations and implementations
* Perform security reviews of source code, stored procedures, and server/service configurations
* Provide expert advice and consultancy to customers on risk assessment, threat modeling and fixing vulnerabilities.
* Identify security issues and risks, and develop mitigation plans
* Manage small projects, often with several team members
* Ability to interact with technical and managerial clients
* Develop and/or modify System Security Plans, Plan of Actions & Milestones, as well as other supporting documentation.
* Participate in security compliance efforts (e.g., HIPAA, PCIDSS, SOX)
* Provides analytical and technical security recommendations to other team members,
* Educate developers on secure coding techniques and security best practices.

Provide expert advice and consultancy to customers on risk assessment, threat modeling and fixing vulnerabilities.
Work with development teams to carry out Application Security Reviews.
Conduct logical security audits and hands-on technical security evaluations and implementations
Perform security reviews of source code, stored procedures, and server/service configurations
Provide expert advice and consultancy to customers on risk assessment, threat modeling and fixing vulnerabilities.
Identify security issues and risks, and develop mitigation plans
Manage small projects, often with several team members
Ability to interact with technical and managerial clients
Develop and/or modify System Security Plans, Plan of Actions & Milestones, as well as other supporting documentation.
Participate in security compliance efforts (e.g., HIPAA, PCIDSS, SOX)
Provides analytical and technical security recommendations to other team members,
Educate developers on secure coding techniques and security best practices.

Ideal Candidate

**Required Qualifications:**

* Bachelor's Degree in Computer Science or  High School Diploma/ GED 4+ years of Professional Development experience required
* 5+ years of hands-on application security experience
* 7+ years of web application technologies, MVC, Ajax, XML, SOA, SSL, web-related protocols and services
* 7+ years of experience of MS SQL. Basic knowledge of other commonly-used RDBMS
* 3+ years of proficiency with the Microsoft Office suite
* 5+ years of Windows and Linux operating systems knowledge at advanced user level
* 7+ years of Hands-on development experience and thorough understanding of object-oriented programming, preferably Java, C#, ASP.NET
* 3+ years of experience in vulnerability testing and auditing

**Preferred Requirements:**

* Master’s Degree  preferred
* Proficiency writing secure code
* Experience working with development team(s) that delivered commercial software or software-based services (development, QA testing, or security role).
* Knowledge of and experience working with common application security tools (Fortify, AppScan, WebInspect, etc.)
* Ability to identify security vulnerabilities from source code reviews and testing
*  Knowledge of encryption technologies, secure communications, and secure credentials management
* Advanced knowledge of common application vulnerabilities, (e.g.: XSS, CSRF, SQL injection, cookie/header/encoding manipulation, input/output validation, session replay).
* Advanced experience with at least one scripting language (e.g.: Perl, Python)
* Conceptual understanding of software development principles and SDLC models, Agile experience is a plus
* Intermediate proficiency with C/C++ or Java. Experience with lower-level languages (Assembly), debug and reverse-engineering tools (IDA, etc.) is a plus
* Prior code audit/application penetration testing
* Security Certification preferred (e.g. CISSP)
* Knowledge of secure development practices and techniques including OWASP Top Ten.

Required Qualifications:

Bachelor's Degree in Computer Science or High School Diploma/ GED 4+ years of Professional Development experience required
5+ years of hands-on application security experience
7+ years of web application technologies, MVC, Ajax, XML, SOA, SSL, web-related protocols and services
7+ years of experience of MS SQL. Basic knowledge of other commonly-used RDBMS
3+ years of proficiency with the Microsoft Office suite
5+ years of Windows and Linux operating systems knowledge at advanced user level
7+ years of Hands-on development experience and thorough understanding of object-oriented programming, preferably Java, C#, ASP.NET
3+ years of experience in vulnerability testing and auditing

Preferred Requirements:

Master’s Degree preferred
Proficiency writing secure code
Experience working with development team(s) that delivered commercial software or software-based services (development, QA testing, or security role).
Knowledge of and experience working with common application security tools (Fortify, AppScan, WebInspect, etc.)
Ability to identify security vulnerabilities from source code reviews and testing
Knowledge of encryption technologies, secure communications, and secure credentials management
Advanced knowledge of common application vulnerabilities, (e.g.: XSS, CSRF, SQL injection, cookie/header/encoding manipulation, input/output validation, session replay).
Advanced experience with at least one scripting language (e.g.: Perl, Python)
Conceptual understanding of software development principles and SDLC models, Agile experience is a plus
Intermediate proficiency with C/C++ or Java. Experience with lower-level languages (Assembly), debug and reverse-engineering tools (IDA, etc.) is a plus
Prior code audit/application penetration testing
Security Certification preferred (e.g. CISSP)
Knowledge of secure development practices and techniques including OWASP Top Ten.