The Application Security Developer is responsible for securing APIs, developing and maintaining security applications, identifying and mitigating vulnerabilities in both new and existing applications, and collaborating closely with software development, identity, and security teams to deliver secure products. This role includes ensuring the security of the organization's software applications by embedding security principles into the software development lifecycle (SDLC). The Application Security Developer also champions the implementation of security controls, assessments, and practices across the development teams to protect against cyber threats.
*This position may be filled at the Developer II, Developer III, or Lead Developer level, depending on qualifications and experience.
**This position is eligible to work hybrid (9 or more days a month onsite) in accordance with our Telecommuting Policy. Applicants must reside in Kansas or Missouri or be willing to relocate as a condition of employment.
Are you ready to make a difference? Choose to work for one of the most trusted companies in Kansas.
Why Join Us?
Dynamic Work Environment: Collaborate with a team of passionate and driven individuals.
Family Comes First: Total rewards package that promotes the idea of family first for all employees.
Professional Growth Opportunities: Advance your career with ongoing training and development programs.
Trust: Work for one of the most trusted companies in Kansas.
Stability: 80 years of commitment, compassion and community.
Compensation
$77,840 - $122,000
Blue Cross and Blue Shield of Kansas offers excellent competitive compensation with the goal of retaining and growing talented team members. The salary range for this role is a good-faith estimate based on what a successful candidate might be paid. All offers presented to candidates are carefully reviewed to ensure fair, equitable pay by offering competitive salaries that align with the individual's skills, education, experience, and training. The range may vary above or below the stated amounts.
What you'll do
Securing APIs: Work with development teams to secure both internal and external APIs using the Azure API Management product.
Maintain and Develop Software: Responsible for maintaining existing security solutions and developing new software solutions for the organization.
Security Design: Partner with development teams to ensure security is integrated into application designs, providing secure design guidance.
Vulnerability Assessment: Conduct code reviews and penetration tests to identify vulnerabilities such as SQL injection, XSS, CSRF, and others.
Secure Coding Practices: Promote and ensure adherence to secure coding practices by establishing coding standards, offering training, and providing remediation guidance.
Threat Modeling: Develop and maintain threat models to identify potential risks and implement preventive security measures early in the development cycle.
Incident Management & Response: Assist in incident response, investigating security breaches, and providing recommendations for securing applications against similar threats in the future.
Collaboration: Work closely with software developers and DevOps to ensure alignment and execution of security best practices across the entire SDLC.
Compliance & Governance: Ensure that applications meet compliance requirements such as HIPAA and participate in audits, as necessary.
Research & Development: Stay up to date with the latest security trends, threats, and tools to proactively defend against evolving cyber risks.
What you need
Education:
High school diploma or equivalent required. Bachelor's Degree or completion of a Computer Science Program from a Technical Trade School preferred.
Intermediate or advanced level positions require the following:
Minimum of two years of experience in application development, with a thorough knowledge of at least one programming language, is required.
Bonus if you have
Experience with C# .NET, Azure Isolated Functions and App Services, Blazor, and .NET 6 & 8.
Extensive experience with RESTful APIs, Swagger, and OpenAPI docs.
Deep understanding of web application security vulnerabilities and their remediation (e.g., SQL injection, XSS, CSRF, etc.).
Strong knowledge of secure coding practices in languages such as Java, C#, JavaScript, Vue, React, etc.
Knowledge of Authorization and Authentication concepts such as SAML, OIDC, OAuth 2.0, and PKCE.
Experience with securing APIs.
Understanding of Zero Trust security models and Identity & Access Management (IAM).
Experience with Okta.
Familiarity with cloud security (AWS, Azure, or GCP).
Benefits & Perks
Base compensation is only one component of your competitive Total Rewards package.
Incentive pay program (EPIP)
Health/Vision/Dental insurance
6 weeks paid parental leave for new mothers and fathers
Fertility/Adoption assistance
2 weeks paid caregiver leave
5% 401(k) plan matching
Tuition reimbursement
Health & fitness benefits, discounts and resources