Application Security Engineer

Application Security Engineer

Mosaic Health is a national care delivery platform focused on expanding access to comprehensive primary care for consumers with coverage across Commercial, Individual Exchange, Medicare, and Medicaid health plans. The Business Units which comprise Mosaic Health are multi-payer and serve nearly one million consumers across 19 states, providing them with access to high quality primary care, integrated care teams, personalized navigation, expanded digital access, and specialized services for higher-need populations. Through Mosaic Health, health plans and employers have an even stronger care provider partner that delivers affordability and superior experiences for their members and employees, including value-based primary care capacity integrated with digital patient engagement and navigation. Each of the companies within Mosaic Health provide unique offerings that together promise to improve individuals' health and wellbeing, while helping care providers deliver higher quality care. For more information, please visit www.mosaichealth.com.

Formed in 2008 and headquartered in Fort Myers, Florida, with offices in Florida, North Carolina, and Texas, Millennium Healthcare is the largest independent physician group in the state of Florida and one of the largest in the United States. At Millennium Physician Group, our employees are the foundation of our success. Our promise is to provide you with the tools to do your job successfully, as well as providing a team atmosphere that empowers you to seek better ways to deliver care to our patients and their families. We also promise to care for you as an individual and help you grow in your role.

Responsibilities

Design and implement security measures to protect applications from threats and vulnerabilities.

Conduct security assessments, including code reviews, penetration testing, and threat modeling.

Develop threat models and recommend mitigations to reduce risk.

Work closely with software development teams to integrate security into the software development lifecycle (SDLC).

Support security incident investigations related to application vulnerabilities.

Recommend and implement corrective actions post-incident.

Develop and enforce secure coding guidelines and best practices.

Identify, analyze, and remediate security vulnerabilities in applications and APIs.

Monitor application security threats and respond to security incidents promptly.

Perform security risk assessments and provide recommendations for mitigating risks.

Assist in compliance with security frameworks such as OWASP, NIST CSF, and DevSecOps.

Incorporate security protections that meet HPAA, PCI DSS, ISO 27001, and SOC 2 requirements.

Research and stay updated on emerging security threats, trends, and technologies.

Provide training and guidance to developers and other stakeholders on secure coding practices.

Demonstrate excellent guest service to internal team members and patients.

Perform other related duties as assigned.

Qualifications

Bachelor's degree in cyber security, Information Technology, Computer Science, or a related field.

3+ years of experience in application security, penetration testing, or a related role.

Strong knowledge of application security vulnerabilities and mitigation techniques (e.g., OWASP Top 10).

Proficiency in secure coding practices for languages such as Java, Python, JavaScript, or C#.

Hands-on experience with security testing tools (e.g., Burp Suite, OWASP ZAP, SAST / DAST tools).

Familiarity with DevSecOps and CI / CD security integration.

Understanding of cloud security principles (AWS, Azure, GCP).

Experience with security frameworks and compliance standards.

Strong analytical, problem-solving, and communication skills.

Relevant security certifications such as CISSP, CEH, OSCP, GWAPT, or CSSLP.

Experience with container security (Docker, Kubernetes) and Infrastructure as Code (IaC) security.

Knowledge of identity and access management (IAM) and authentication mechanisms.

A commitment to providing excellent service to internal team members and patients.

High level of professionalism and integrity in all interactions.

Ability to work independently in a fast-paced, cross-functional environment.

Physical Demands

Sedentary work. Exerting up to 10 pounds of force occasionally and / or negligible amount of force frequently or constantly to lift, carry, push, pull, or otherwise move objects. Repetitive motion. Substantial movements (motions) of the wrists, hands, and / or fingers. The worker must have close visual acuity to perform an activity such as : preparing and analyzing data and figures; transcribing; viewing a computer terminal; extensive reading. Ability to lift to 15 lbs. independently not to exceed 50 lbs. without help.

Equal Employment Opportunity

Mosaic Health is an Equal Employment Opportunity employer and all qualified applicants will receive consideration for employment without regard to age, citizenship status, color, creed, disability, ethnicity, genetic information, gender (including gender identity and gender expression), marital status, national origin, race, religion, sex, sexual orientation, veteran status or any other status or condition protected by applicable federal, state, or local laws. If you require an accommodation for the application or interview process, please let us know and we will work with you to meet your needs. Please contact HRbenefits@mpgus.com for assistance.