WebMD is the most recognized and trusted brand of health information and the leading provider of health information services, serving consumers, physicians, healthcare professionals, employers and health plans through our public and private online portals and WebMD the Magazine. The WebMD Health Network includes WebMD, Medscape, MedicineNet, eMedicine, RxList, theheart.org and Medscape Education. Our consumer portals and mobile health applications provide engaging, relevant and credible health and wellness information, personalized health assessment tools and access to online communities.
WebMD is an Equal Opportunity/Affirmative Action employer and does not discriminate on the basis of race, ancestry, color, religion, sex, gender, age, marital status, sexual orientation, gender identity, national origin, medical condition, disability, veterans status, or any other basis protected by law.
Position Overview:
We are looking for a software developer to join our software security engineering team and help enhance WebMD Health Services' internal security program with focus on application security testing, penetration testing, secure coding practices, and security awareness training.
Responsibilities:
- Conducting thorough code reviews to ensure code quality and security.
- Performing penetration testing to identify vulnerabilities and potential threats.
- Overseeing security reviews to maintain a robust security posture.
- Implementing and managing monitoring and alerting systems to detect and respond to security incidents.
- Completing additional administrative tasks as needed to support the team's objectives
How do you know if this is the right role for you? If you:
Have a love for all things cyber security, especially in the medical/healthcare sector
Have strong analytical and problem-solving skills
Have a naturally curious nature and love learning how things work
Want to help design more secure software
Believe in "shifting left" and using your knowledge and talent to train and empower other development teams in software security best practices
Your Skills and Experience:
Languages: Efficiency in C#, Javascript, TypeScript, PowerShell, and SQL. Some knowledge of Java, Objective-C, and Swift is preferred but not required.
Strong knowledge of web application security vulnerability types such as SQL Injection, Cross-site Scripting, Cross-site Request Forgery, Remote Code Execution, and Information Disclosure.
Familiar with security testing software/tools such as Kali Linux, BurpSuite, nMap, NetCat, and Metasploit.
Familiarity with networking concepts such as routing, subnetting, IDS/IPS, firewalls, IPv4/v6, and HTTP.
Familiarity with information security related concepts such as symmetric and asymmetric encryption, public key infrastructure, Security Assertion Markup Language (SAML), and OpenPGP.
Certifications: Any related to software design, networking, and information security such as CompTIA Security+/Network+, Certified Ethical Hacker, or Certified Secure Programmer are strongly preferred but not required.
Bonus:
