The Sr. Information Security Software Engineer works with the Software Development Engineer to write and modify complex application programs using the latest security standards and best practices and assists Information Risk Management in the creation and enforcement of security standards. The Sr. Information Security Software Engineer has strong experience in software development engineering and application security. The Sr. Information Security Software Engineer is able to respond to urgent issues without losing focus on longer term deliverables. This position must balance a wide range of priorities and manage relationships with other IT departments, all while considering short-term and long-term implications of each decision. This position may lead internal cross-department IT initiatives and may participate on cross-functional initiatives for Express Scripts. The Sr. Information Security Software Engineer may also lead a team of consultants in geographically diverse locations.
Partners with the software development engineer, other members of the development team, and Information Risk Management to ensure applications meet the accepted software security standards
Provides security leadership and assists management in implementing the organization's security strategy
Works with the application development team to find and remediate existing vulnerabilities
Serves as a security SME for the application development teams
Coaches and mentors development teams on how to write secure software
Provides technical guidance to projects/programs for all security questions and concerns
Leads development of standard application security practices, components, and guidelines, including libraries, frameworks, and reference implementations
Assists teams to resolve urgent and high production incidents in a manner that is consistent with the published security guidelines
Works on special projects as assigned
Pressure tests and identifies potential security vulnerabilities
Prioritizes requests and activities and develops schedules and work plans for projects/initiatives
Ensures projects/initiatives are completed within designated time frames
Ensures quality and service standards are maintained
Leads resolution of urgent and on-going problems cross-functionally to ensure overall security
Leads the development and implementation of strategic work plan goals; tracks and periodically reports progress to leadership
Assists with information security budget planning and management for their department
Serves as liaison for IRM, security, PCI, NIST, HIPAA and external audits
Develops and puts processes in place as needed to ensure that Specialty is not negatively impacted by any Enterprise change going forward
Creates and tracks appropriate metrics for security standards
May direct a team of contract staff in one or more sites
Bachelor's degree in Information Systems or related field
8+ years Information Technology experience with direct experience implementing high volume multi-tier transactional systems, including: Web applications, workflow, APIs and web services. PEGA is preferred but not mandatory.
5+ years Information Security experience
5+ years in Risk, IT Consulting, IT Infrastructure Management or Data Governance
Minimum of 8+ years IT experience, with mastery of or certification in one or more standard architecture frameworks or technologies
Security certification preferred, e.g. Security+, CISSP, CSSLP, etc.
Demonstrated ability to provide and implement secure solutions to a wide range of difficult problems
Demonstrated ability to lead discussions with all levels of the organization and to present an idea or communicate an issue in a balanced way, whether in writing or verbally
Experience working in a vendor partner model
Strong mentoring skills
Demonstrated ability to adapt in a dynamic work environment and make independent decisions
Demonstrated ability to work collaboratively across project teams
Demonstrated strong understanding and experience with both information security and risk management, including information security assessment, mitigation solution design/implementation, policy and standards
Ability to define N-tier applications, understanding how they fit into the overall system architecture of a shared SOA platform and supporting IT infrastructure
Operating Systems: Unix, Linux, AIX, iOS and Windows OS
Knowledge of cloud computing, especially Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS)
Possesses a sense of urgency about exceeding the objectives of the role
Ability to work in a rapidly changing, highly complex matrixed environment
A true team player and collaborator, translating prior knowledge and experience into strong productive relationships internally and externally
Strong interpersonal, influence and communications skills with an ability to interact effectively with a variety of contacts and the ability to effectively manage and build relationships with leaders and team members in geographically dispersed environments
Experience with health care or PBM industry is helpful
Experience with PCI industry standards is helpful
Willingness to work a flexible schedule to accommodate project deadlines
Willingness to travel as needed
ABOUT THE DEPARTMENT
Application Development is focused on creating, testing and deploying client and patient applications that run our renowned customized service delivery system. These teams use traditional and Agile application development disciplines, depending on client, partner and patient requirements. The following functional areas make up the Application Development community:
Home Delivery & Application Services: This team leads application development strategy and execution, and business relationship management for Home Delivery and patient systems. They also manage all centralized functions for quality assurance, release management and production support operations.
Home Delivery: Home Delivery oversees application development strategy and execution, including business relationship management for all Home Delivery, Contact and Digital systems.
Pharmacy Benefit Management (PBM): The PBM group is responsible for application design, development and strategy for all core PBM systems including Benefits & Eligibility, Clinical Programs, Coverage Review Determination, Supply Chain, Retail Networks, Client Data, Adjustments and Claims Adjudication. This team partners with Clinical Solutions, Client Services, Supply Chain, Operations, Product and Account Management to bring innovative solutions and service to clients and patients.
Specialty: The Specialty team manages application development, strategy and execution, and business relationship management for Specialty systems.
ABOUT EXPRESS SCRIPTS
Advance your career with the company that makes it easier for people to choose better health. Express Scripts is a leading healthcare company serving tens of millions of consumers. We are looking for individuals who are passionate, creative and committed to creating systems and service solutions that promote better health outcomes. Join the company that Fortune magazine ranked as one of the 'Most Admired Companies' in the pharmacy category. Then, use your intelligence, creativity, integrity and hard work to help us enhance our products and services. We offer a highly competitive base salary and a comprehensive benefits program, including medical, prescription drug, dental, vision, 401(k) with company match, life insurance, paid time off, tuition assistance and an employee stock purchase plan. Express Scripts is committed to hiring and retaining a diverse workforce. We are an Equal Opportunity Employer, making decisions without regard to race, color, religion, sex, national origin, age, veteran status, disability, or any other protected class. Applicants must be able to pass a drug test and background investigation. Express Scripts is a VEVRAA Federal Contractor.