Ensemble Health Partners

Application Security Engineer, Sr.

Reposted 6 Days Ago

Hiring Remotely in United States

Remote

Senior level

Healthtech • Financial Services

The Role

The Senior Application Security Engineer will manage application security tools, analyze vulnerabilities, collaborate with teams, mentor junior staff, and enhance secure coding practices across the organization.

Summary Generated by Built In

Thank you for considering a career at Ensemble Health Partners!

Ensemble Health Partners is a leading provider of technology-enabled revenue cycle management solutions for health systems, including hospitals and affiliated physician groups. They offer end-to-end revenue cycle solutions as well as a comprehensive suite of point solutions to clients across the country.

Ensemble keeps communities healthy by keeping hospitals healthy. We recognize that healthcare requires a human touch, and we believe that every touch should be meaningful. This is why our people are the most important part of who we are. By empowering them to challenge the status quo, we know they will be the difference!

O.N.E Purpose:

Customer Obsession: Consistently provide exceptional experiences for our clients, patients, and colleagues by understanding their needs and exceeding their expectations.
Embracing New Ideas: Continuously innovate by embracing emerging technology and fostering a culture of creativity and experimentation.
Striving for Excellence: Execute at a high level by demonstrating our “Best in KLAS” Ensemble Difference Principles and consistently delivering outstanding results.

The Opportunity:

The Senior Application Security Engineer, Cybersecurity will serve as a key member of the Cybersecurity Technical Assessments team, providing advanced expertise in secure software development practices and application tooling. This role is responsible for managing and optimizing the application security tool stack—including SAST, DAST, SCA, IaC scanning, and secret detection—and ensuring its effective integration into the software development lifecycle (SDLC). The Senior Application Security Engineer will collaborate with development, engineering, and product teams to identify, triage, and remediate vulnerabilities, while also mentoring junior engineers and contributing to the evolution of secure development practices across the organization.

Job Competencies

Technical Proficiency:

Deep expertise in application security tooling (SAST, DAST, SCA, IaC scanning, secret scanning)
Strong understanding of secure coding principles and SDLC integration
Proficiency in scripting and programing languages (e.g., .NET, Python, JavaScript)

Analytical Skills:

Ability to analyze and validate security findings, prioritize risk, and guide remediation
Strong attention to detail in identifying false positives and systemic security gaps

Communication Skills:

Ability to clearly communicate technical issues to both technical and non-technical stakeholders
Skilled in writing documentation, reports, and presenting findings to cross-functional teams

Team Collaboration:

Experience working in Agile/DevOps environments with cross-functional teams
Ability to mentor junior engineers and lead small-scale security initiatives
Ability to work effectively with a remotely located team spanning multiple time zones

Continuous Learning:

Commitment to staying current with evolving security tools, threats, and best practices
Active pursuit of professional development and relevant certifications

Essential Job Functions

Manage and optimize application security tools (SAST, DAST, SCA, IaC, secret scanning) and ensure effective integration into CI/CD pipelines and the SDLC lifecycle
Analyze source code and infrastructure-as-code for security vulnerabilities and provide actionable remediation guidance
Validate and triage findings from security tools, removing false positives and ensuring accurate issue tracking
Create and manage remediation tickets (e.g., Aha! Ideas, ServiceNow Requests), ensuring vulnerabilities are prioritized, assigned, and tracked to resolution
Collaborate with development and engineering teams to validate remediation efforts and confirm closure of security issues
Participate in the risk management process by documenting, reviewing, and maintaining risk exceptions for unresolved or accepted vulnerabilities
Work with risk owners and business stakeholders to ensure appropriate compensating controls are in place and documented.
Lead secure code reviews and contribute to threat modeling and design discussions for high-risk applications
Mentor junior engineers and provide technical guidance on secure development practices
Contribute to the development and refinement of secure coding standards, policies, and procedures
Develop and maintain dashboards and reports that communicate application security posture, remediation progress, and risk trends to leadership
Identify recurring security issues and propose systemic improvements to reduce future risk
Lead efforts to evaluate, pilot, and implement new application security tools and integrations that enhance automation and coverage
Continuously refine scanning configurations and policies to improve signal-to-noise ratio in findings
Stay informed on emerging threats, vulnerabilities, and industry trends, and recommend improvements to tooling and processes
Participate in the evaluation and onboarding of new security tools and technologies
Work closely with cross-functional stakeholders to analyze and troubleshoot complex production issues.

Employment Qualifications

5-7 years of related experience relative to the role
Bachelors degree or equivalent experience
A minimum of 5 years of experience in software development, architecture, or engineering roles
A minimum of 3-5 years of experience applying secure development practices or working directly with application security tools (e.g., SAST, DAST, SCA, IaC scanning)
Demonstrated experience leading remediation efforts and collaboration between development and security teams to address vulnerabilities
Ability to read and interpret stack traces and source code call trees to validate and triage security findings
Experience working in Agile/SCRUM environments and implementing CI/CD and DevOps practices
Proficiency in scripting languages (e.g., Python, PowerShell, Bash) to support automation and developer tooling
Experience deploying and automating security solutions in enterprise environments using AWS and/or Azure
Hands-on experience with application security platforms including SAST, DAST, SCA, IaC scanning, and secret detection tools
Proficiency in one or more programming languages such as Java, .NET (C#), PHP, JavaScript, or Python)
Working knowledge of SQL and relational database security considerations
Strong understanding of OWASP Top10 and secure coding standards
Experience with version control systems (Github, Azure DevOps, Gitlab) and CI/CD pipeline integration
Familiarity with infrastructure-as-code tools (Terraform, CloudFormation) and containerization technologies (Docker, Kubernetes)
Strong analytical and problem-solving skills, with the ability to bring structure and clarity to complex technical challenges
Familiarity with Linux and Windows operating systems and cloud-native security practices in Azure, AWS, or GCP
Ability to create scripts (PowerShell/bash)
Adherence to secure change management and deployment processes
Excellent communication skills and the ability to serve as a security ambassador across engineering and product teams
Proven ability to take ownership of complex issues and drive them to resolution with minimal oversight

#LI-MT1

#LI-Remote

Join an award-winning company

Five-time winner of “Best in KLAS” 2020-2022, 2024-2025

Black Book Research's Top Revenue Cycle Management Outsourcing Solution 2021-2024

22 Healthcare Financial Management Association (HFMA) MAP Awards for High Performance in Revenue Cycle 2019-2024

Leader in Everest Group's RCM Operations PEAK Matrix Assessment 2024

Clarivate Healthcare Business Insights (HBI) Revenue Cycle Awards for strong performance 2020, 2022-2023

Energage Top Workplaces USA 2022-2024

Fortune Media Best Workplaces in Healthcare 2024

Monster Top Workplace for Remote Work 2024

Great Place to Work certified 2023-2024

Innovation
Work-Life Flexibility
Leadership
Purpose + Values

Bottom line, we believe in empowering people and giving them the tools and resources needed to thrive. A few of those include:

Associate Benefits – We offer a comprehensive benefits package designed to support the physical, emotional, and financial health of you and your family, including healthcare, time off, retirement, and well-being programs.
Our Culture – Ensemble is a place where associates can do their best work and be their best selves. We put people first, last and always. Our culture is rooted in collaboration, growth, and innovation.
Growth – We invest in your professional development. Each associate will earn a professional certification relevant to their field and can obtain tuition reimbursement.
Recognition – We offer quarterly and annual incentive programs for all employees who go beyond and keep raising the bar for themselves and the company.

Ensemble Health Partners is an equal employment opportunity employer. It is our policy not to discriminate against any applicant or employee based on race, color, sex, sexual orientation, gender, gender identity, religion, national origin, age, disability, military or veteran status, genetic information or any other basis protected by applicable federal, state, or local laws. Ensemble Health Partners also prohibits harassment of applicants or employees based on any of these protected categories.

Ensemble Health Partners provides reasonable accommodations to qualified individuals with disabilities in accordance with the Americans with Disabilities Act and applicable state and local law. If you require accommodation in the application process, please contact [email protected].

This posting addresses state specific requirements to provide pay transparency. Compensation decisions consider many job-related factors, including but not limited to geographic location; knowledge; skills; relevant experience; education; licensure; internal equity; time in position. A candidate entry rate of pay does not typically fall at the minimum or maximum of the role’s range.

EEOC – Know Your Rights
FMLA Rights - English

La FMLA Español

E-Verify Participating Employer (English and Spanish)

Know your Rights

Top Skills

.Net

AWS

Azure

Bash

CloudFormation

Docker

JavaScript

Kubernetes

Powershell

Python

SQL

Terraform

View all jobs at Ensemble Health Partners

View Ensemble Health Partners Profile

Report Job

Am I A Good Fit?

beta

Get Personalized Job Insights.

Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.

The Company

HQ: Cincinnati, OH

3,463 Employees

Year Founded: 2014

What We Do

Ensemble Health Partners is a leading innovator in revenue cycle management, helping healthcare providers improve financial outcomes and patient experiences with an unrivaled depth of expertise and best-in-class technologies. Ensemble offers full revenue cycle outsourcing as well as a comprehensive suite of healthcare financial management point solutions. With clients spanning the U.S. and Europe, we have been helping to improve healthcare outcomes for millions of patients while saving hundreds of millions of dollars for healthcare providers. We are committed to bringing every provider that we support to the peak of revenue cycle excellence. Our approach forges true partnerships that dive deep into the details to find solutions and deliver results that last. Recognized with multiple industry awards and as a Becker’s Healthcare Top Workplace, Ensemble is setting a new standard for provider support services - redefining the possible in healthcare by empowering people to be the difference.