Ensemble Health Partners · 20 hours ago
Application Security Engineer, Sr.
Ensemble Health Partners is a leading provider of technology-enabled revenue cycle management solutions for health systems. The Senior Application Security Engineer will manage and optimize application security tools, collaborate with development teams to remediate vulnerabilities, and mentor junior engineers in secure development practices.
Health Care, Hospitality
Responsibilities
Manage and optimize application security tools (SAST, DAST, SCA, IaC, secret scanning) and ensure effective integration into CI/CD pipelines and the SDLC lifecycle
Analyze source code and infrastructure-as-code for security vulnerabilities and provide actionable remediation guidance
Validate and triage findings from security tools, removing false positives and ensuring accurate issue tracking
Create and manage remediation tickets (e.g., Aha! Ideas, ServiceNow Requests), ensuring vulnerabilities are prioritized, assigned, and tracked to resolution
Collaborate with development and engineering teams to validate remediation efforts and confirm closure of security issues
Participate in the risk management process by documenting, reviewing, and maintaining risk exceptions for unresolved or accepted vulnerabilities
Work with risk owners and business stakeholders to ensure appropriate compensating controls are in place and documented
Lead secure code reviews and contribute to threat modeling and design discussions for high-risk applications
Mentor junior engineers and provide technical guidance on secure development practices
Contribute to the development and refinement of secure coding standards, policies, and procedures
Develop and maintain dashboards and reports that communicate application security posture, remediation progress, and risk trends to leadership
Identify recurring security issues and propose systemic improvements to reduce future risk
Lead efforts to evaluate, pilot, and implement new application security tools and integrations that enhance automation and coverage
Continuously refine scanning configurations and policies to improve signal-to-noise ratio in findings
Stay informed on emerging threats, vulnerabilities, and industry trends, and recommend improvements to tooling and processes
Participate in the evaluation and onboarding of new security tools and technologies
Work closely with cross-functional stakeholders to analyze and troubleshoot complex production issues
Qualification
Required
5-7 years of related experience relative to the role
Bachelor's degree or equivalent experience
A minimum of 5 years of experience in software development, architecture, or engineering roles
A minimum of 3-5 years of experience applying secure development practices or working directly with application security tools (e.g., SAST, DAST, SCA, IaC scanning)
Demonstrated experience leading remediation efforts and collaboration between development and security teams to address vulnerabilities
Ability to read and interpret stack traces and source code call trees to validate and triage security findings
Experience working in Agile/SCRUM environments and implementing CI/CD and DevOps practices
Proficiency in scripting languages (e.g., Python, PowerShell, Bash) to support automation and developer tooling
Experience deploying and automating security solutions in enterprise environments using AWS and/or Azure
Hands-on experience with application security platforms including SAST, DAST, SCA, IaC scanning, and secret detection tools
Proficiency in one or more programming languages such as Java, .NET (C#), PHP, JavaScript, or Python
Working knowledge of SQL and relational database security considerations
Strong understanding of OWASP Top 10 and secure coding standards
Experience with version control systems (GitHub, Azure DevOps, GitLab) and CI/CD pipeline integration
Familiarity with infrastructure-as-code tools (Terraform, CloudFormation) and containerization technologies (Docker, Kubernetes)
Strong analytical and problem-solving skills, with the ability to bring structure and clarity to complex technical challenges
Familiarity with Linux and Windows operating systems and cloud-native security practices in Azure, AWS, or GCP
Ability to create scripts (PowerShell/bash)
Adherence to secure change management and deployment processes
Excellent communication skills and the ability to serve as a security ambassador across engineering and product teams
Proven ability to take ownership of complex issues and drive them to resolution with minimal oversight
Benefits
Healthcare
Time off
Retirement
Well-being programs
Professional certification relevant to their field
Tuition reimbursement
Quarterly and annual incentive programs
Company
Ensemble Health Partners
Ensemble Health Partners is the leading revenue cycle management company for hospitals, health systems and physician practices.
Funding
Current Stage: Late Stage
Total Funding: unknown
Key Investors: Berkshire Partners, Warburg Pincus
2022-03-25: Private Equity
2019-05-30: Acquired
Company data provided by crunchbase