About Streamline:

Streamline’s mission is to build innovative technology solutions that empower people who improve behavioral health and quality of life of those in need. We are a high growth technology company that delivers web-based software for healthcare organization’s to provide and coordinate all service delivery processes. Streamline has been offering software in the behavioral health marketplace since 2003. Streamline has built and maintains systems for some of the nation’s premier behavioral health organizations using the latest web-based technology.

Streamline offers competitive compensation and benefits packages as well as a challenging, yet flexible, work environment that is conducive to collaboration and productivity. A career with Streamline Healthcare Solutions provides opportunities for growth and continued learning in a workplace where individual contribution is valued and recognized. Join us, and advance your career today with a company that is on the cutting edge of the behavioral healthcare technology industry.

Here at Streamline, we strive on building lasting and trusting relationships with our clients, and our employees set the bar.

Job Description: We are seeking a highly skilled and experienced Application Security Analyst to join our team. The successful candidate will be responsible for conducting comprehensive security assessments of our applications, identifying vulnerabilities, and providing guidance to development teams to ensure secure coding practices. The ideal candidate will have extensive experience in application security analysis, utilizing both static and dynamic testing techniques, and possess strong technical expertise in .Net, SQL, and Microsoft Azure technologies.

Responsibilities:

1. Conduct static application security testing (SAST) using tools like Wiz, Snyk, Veracode, etc., to identify security vulnerabilities within .Net, SQL, and Microsoft Azure technologies.
2. Perform dynamic application security testing (DAST) to detect security weaknesses and vulnerabilities in applications.
3. Perform continuous inspection of code quality with tools like SonarQube, etc.
4. Utilize secure code analysis techniques to identify and remediate vulnerabilities in software codebases.
5. Collaborate with development teams to provide guidance and assistance in resolving identified security issues.
6. Work closely with cross-functional teams to integrate security best practices into the software development lifecycle.
7. Stay up-to-date with emerging security threats, vulnerabilities, and industry best practices related to application security.
8. Assist in the development and implementation of security policies, standards, and procedures.
9. Participate in security reviews, audits, and assessments to ensure compliance with regulatory requirements and industry standards.
10. Provide technical expertise and support in incident response and security incident investigations.
11. Manage the identification, tracking, and remediation of security vulnerabilities within applications, ensuring timely resolution to mitigate risks.
12. Analyze source code and application configurations to identify security flaws and provide recommendations for secure coding practices.
13. Use various security testing tools and platforms such as Wiz, Snyk, Veracode, and others to automate security testing processes and enhance efficiency.
14. Assess the potential impact of security vulnerabilities and prioritize remediation efforts based on the level of risk to the organization.
15. Ensure that applications comply with relevant security standards, regulations, and industry best practices, such as GDPR, HIPAA, PCI DSS, etc.
16. Provide technical expertise and support during security incidents, including investigation, containment, and recovery activities.
17. Stay updated on emerging security threats, vulnerabilities, and technologies to continuously improve the organization's application security posture.
18. Collaborate with development teams, leveraging 6 to 9 years of hands-on and expert knowledge of MS technologies (ASP.NET, C#.NET, ADO.NET, jQuery, SQL Server, etc.), architectures, frameworks, and common design patterns to ensure secure development practices.
19. Utilize Microsoft's .NET infrastructure to create software solutions that meet security requirements.
20. Apply excellent working knowledge of SQL Server and database concepts to address security concerns.
21. Leverage experience in the healthcare domain to implement industry-specific security measures.
22. Act as a strong problem solver, conducting research and implementing best practices to deliver secure product solutions.
23. Facilitate the creation of large, complex developments by collaborating with co-workers as needed.
24. Conduct structured, planned, and formal code reviews, actively participating in design sessions to enhance security measures.
25. Provide quick turnaround on troubleshooting complex technical challenges, demonstrating creative problem-solving abilities, and resolving conflicts.
26. Deliver timely and accurate updates, along with suggestions, to facilitate informed decision-making.
27. Demonstrate excellent verbal and written communication skills, collaborating extensively with US counterparts.

Requirements:

• Bachelor's degree in Computer Science, Information Technology, or related field.
• Proven experience in application security analysis, including SAST, DAST, and secure code analysis & Code quality.
• Hands-on experience with security testing tools such as Wiz, Snyk, Veracode, SonarQube, etc.
• Proficiency in .Net, SQL, and Microsoft Azure technologies.
• Strong understanding of software development methodologies and practices.
• Experience with MS technologies (ASP.NET, C#.NET, ADO.NET, jQuery, SQL Server, etc.) and frameworks.
• Expertise in SQL Server and database concepts.
• Experience in the healthcare domain is preferred.
• Excellent problem-solving skills and willingness to research and learn.
• Ability to collaborate effectively with co-workers and US counterparts.
• Strong communication skills, both verbal and written.
• Industry certifications such as CISSP, CEH, or related certifications are a plus.