Note: The job is a remote job and is open to candidates in USA. Blue Cross and Blue Shield of Nebraska is a mission-driven organization dedicated to championing the health and well-being of its members and the communities it serves. The Senior Application Security Engineer will lead the company's application security capabilities, focusing on secure software development practices and collaborating with engineering and risk teams to implement scalable security solutions.
Responsibilities
- Own and operate application security tooling, including SAST, DAST, and software composition analysis, ensuring tools are tuned, effective, and aligned to business risk
- Embed application security into CI/CD pipelines and development workflows to support shift‑left security while minimizing developer friction
- Perform secure code reviews and validate vulnerabilities for exploitability, impact, and remediation feasibility
- Define and maintain secure coding standards, guidance, and reusable security patterns for development teams
- Establish guardrails and review expectations for AI‑assisted and AI‑generated code, reducing unowned and unmanaged application risk
- Partner with development teams to triage findings, reduce false positives, and drive effective remediation
- Apply risk‑based decision making aligned to organizational risk appetite and compliance frameworks (NIST, HIPAA, SOC 2)
- Support application threat modeling and identification of architectural security gaps
- Collaborate with cloud, platform, and identity teams to ensure applications integrate securely with enterprise services
- Contribute to audit readiness, evidence collection, and regulatory support related to application security controls
- Reduce single‑points‑of‑failure by documenting processes, mentoring others, and improving program resiliency
Skills
- Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent experience)
- 6 years of experience in application security, secure software development, or DevSecOps
- Hands‑on experience with SAST, DAST, and dependency scanning tools, including tuning and operational ownership
- Strong understanding of application vulnerability classes (OWASP Top 10, APIs, authentication, authorization)
- Experience integrating security into CI/CD pipelines and development workflows
- Proven ability to assess risk, prioritize remediation, and clearly communicate decisions
- Comfort working independently, taking ownership, and driving outcomes with minimal oversight
- Strong communication skills with the ability to work effectively with developers, architects, and leadership
- Experience in healthcare or other regulated industries
- Familiarity with Azure PaaS and cloud‑native application architectures
- Exposure to AI‑assisted development risks, automation, or modern code‑generation tools
- Threat modeling experience and security design review participation
- Scripting or automation experience (Python, PowerShell, Bash)
- Relevant certifications (CSSLP, GWAPT, CISSP, or equivalent)
Company Overview
Company H1B Sponsorship