Full Time

Senior Application Security Engineer, Cybersecurity / 4 days ago

Application ends: 2026-03-07

Quick Summary

Remote Senior Application Security Engineer responsible for managing, optimizing, and integrating the full application security tool stack (SAST, DAST, SCA, IaC scanning, secret detection) into CI/CD pipelines and the SDLC. Requires 5-7 years of related experience, including 3-5 years directly applying secure development practices and using these tools, plus 5 years in software development/engineering. Key duties include analyzing source code, triaging vulnerabilities, leading remediation efforts across development teams, conducting secure code reviews, threat modeling, mentoring junior engineers, and defining secure coding standards. Must be proficient in scripting (Python, PowerShell, Bash), programming languages (e.g., .NET, Java, JavaScript), and cloud environments (AWS/Azure).

Senior Application Security Engineer, Cybersecurity

Ensemble Health Partners is a leading provider of technology-enabled revenue cycle management solutions for health systems, including hospitals and affiliated physician groups. We offer end-to-end revenue cycle solutions and comprehensive point solutions to clients nationwide. Our mission is to keep communities healthy by keeping hospitals healthy, emphasizing meaningful human connection in healthcare.

O.N.E Purpose

  • Customer Obsession: Provide exceptional experiences for clients, patients, and colleagues by understanding needs and exceeding expectations.
  • Embracing New Ideas: Continuously innovate by embracing emerging technology and fostering creativity and experimentation.
  • Striving for Excellence: Execute at a high level, demonstrating our “Best in KLAS” Ensemble Difference Principles and consistently delivering outstanding results.

The Opportunity

The Senior Application Security Engineer, Cybersecurity, joins the Cybersecurity Technical Assessments team, providing advanced expertise in secure software development practices and application tooling. This critical role involves managing and optimizing the application security tool stack, including SAST, DAST, SCA, IaC scanning, and secret detection, ensuring seamless integration into the Software Development Lifecycle (SDLC). You will collaborate with development, engineering, and product teams to identify, triage, and remediate vulnerabilities, mentor junior engineers, and drive the evolution of secure development practices across the organization.

Essential Job Functions

  • Manage and optimize application security tools (SAST, DAST, SCA, IaC, secret scanning) and ensure effective integration into CI/CD pipelines and the SDLC.
  • Analyze source code and infrastructure-as-code for security vulnerabilities, providing actionable remediation guidance.
  • Validate and triage security findings, removing false positives and ensuring accurate issue tracking.
  • Create and manage remediation tickets (e.g., Aha! Ideas, ServiceNow Requests), prioritizing, assigning, and tracking vulnerabilities to resolution.
  • Collaborate with development and engineering teams to validate remediation efforts and confirm closure of security issues.
  • Participate in the risk management process by documenting, reviewing, and maintaining risk exceptions for unresolved or accepted vulnerabilities.
  • Work with risk owners and business stakeholders to ensure appropriate compensating controls are documented and in place.
  • Lead secure code reviews and contribute to threat modeling and design discussions for high-risk applications.
  • Mentor junior engineers and provide technical guidance on secure development practices.
  • Contribute to the development and refinement of secure coding standards, policies, and procedures.
  • Develop and maintain dashboards and reports communicating application security posture, remediation progress, and risk trends to leadership.
  • Identify recurring security issues and propose systemic improvements to reduce future risk.
  • Lead efforts to evaluate, pilot, and implement new application security tools and integrations that enhance automation and coverage.
  • Continuously refine scanning configurations and policies to improve signal-to-noise ratio in findings.
  • Stay informed on emerging threats, vulnerabilities, and industry trends, recommending improvements to tooling and processes.
  • Participate in the evaluation and onboarding of new security tools and technologies.
  • Work closely with cross-functional stakeholders to analyze and troubleshoot complex production issues.

Job Competencies

  • Technical Proficiency: Deep expertise in application security tooling (SAST, DAST, SCA, IaC scanning, secret scanning); strong understanding of secure coding principles and SDLC integration; proficiency in scripting and programming languages (e.g., .NET, Python, JavaScript).
  • Analytical Skills: Ability to analyze and validate security findings, prioritize risk, and guide remediation; strong attention to detail in identifying false positives and systemic security gaps.
  • Communication Skills: Ability to clearly communicate technical issues to both technical and non-technical stakeholders; skilled in writing documentation, reports, and presenting findings to cross-functional teams.
  • Team Collaboration: Experience working in Agile/DevOps environments with cross-functional teams; ability to mentor junior engineers and lead small-scale security initiatives; ability to work effectively with a remotely located team spanning multiple time zones.
  • Continuous Learning: Commitment to staying current with evolving security tools, threats, and best practices; active pursuit of professional development and relevant certifications.

Employment Qualifications

  • 5-7 years of related experience relative to the role.
  • Bachelor's degree or equivalent experience.
  • Minimum of 5 years of experience in software development, architecture, or engineering roles.
  • Minimum of 3-5 years of experience applying secure development practices or working directly with application security tools (e.g., SAST, DAST, SCA, IaC scanning).
  • Demonstrated experience leading remediation efforts and collaboration between development and security teams to address vulnerabilities.
  • Ability to read and interpret stack traces and source code call trees to validate and triage security findings.
  • Experience working in Agile/SCRUM environments and implementing CI/CD and DevOps practices.
  • Proficiency in scripting languages (e.g., Python, PowerShell, Bash) to support automation and developer tooling.
  • Experience deploying and automating security solutions in enterprise environments using AWS and/or Azure.
  • Hands-on experience with application security platforms including SAST, DAST, SCA, IaC scanning, and secret detection tools.
  • Proficiency in one or more programming languages such as Java, .NET (C#), PHP, JavaScript, or Python.
  • Working knowledge of SQL and relational database security considerations.
  • Strong understanding of OWASP Top 10 and secure coding standards.
  • Experience with version control systems (GitHub, Azure DevOps, GitLab) and CI/CD pipeline integration.
  • Familiarity with infrastructure-as-code tools (Terraform, CloudFormation) and containerization technologies (Docker, Kubernetes).
  • Strong analytical and problem-solving skills.
  • Familiarity with Linux and Windows operating systems and cloud-native security practices in Azure, AWS, or GCP.
  • Ability to create scripts (PowerShell/Bash).
  • Adherence to secure change management and deployment processes.
  • Excellent communication skills and the ability to serve as a security ambassador across engineering and product teams.
  • Proven ability to take ownership of complex issues and drive them to resolution with minimal oversight.

Awards and Recognition

  • Five-time winner of “Best in KLAS” 2020-2022, 2024-2025.
  • Black Book Research's Top Revenue Cycle Management Outsourcing Solution 2021-2024.
  • 22 Healthcare Financial Management Association (HFMA) MAP Awards for High Performance in Revenue Cycle 2019-2024.
  • Leader in Everest Group's RCM Operations PEAK Matrix Assessment 2024.
  • Clarivate Healthcare Business Insights (HBI) Revenue Cycle Awards for strong performance 2020, 2022-2023.
  • Energage Top Workplaces USA 2022-2024.
  • Fortune Media Best Workplaces in Healthcare 2024.
  • Monster Top Workplace for Remote Work 2024.
  • Great Place to Work certified 2023-2024.

Benefits and Culture

We offer a comprehensive benefits package designed to support the physical, emotional, and financial health of you and your family, including healthcare, time off, retirement, and well-being programs. Our culture is rooted in collaboration, growth, and innovation. We invest in professional development, offering professional certification relevant to your field and tuition reimbursement. We also provide quarterly and annual incentive programs for high performance.

Ensemble Health Partners is an equal employment opportunity employer. If you require accommodation in the application process, please contact [email protected].

Ensemble Health Partners

  • Address
    Remote