Application Security Engineer

We are more than a health system. We are a belief system. We believe wellness and sickness are both part of a lifelong partnership, and that everyone could use an expert guide. We work hard, care deeply and reach further to help people uncover their own power to be healthy. We inspire hope. We learn, grow, and achieve more in our careers and in our communities.

Job Description Summary:

The Application Security Engineer is a technical role responsible for providing engineering research, design, and support for a wide range of OhioHealth applications. This role will work closely with development teams, vendors, IT, and EIS to integrate risk-based security into all aspects of the software development and operations lifecycle through secure design, testing, and operation.

The role will report to Director Cybersecurity and collaborate with developers, architects, and security staff across IT and EIS. The role will not manage direct reports.

Responsibilities And Duties:

Perform application security assessments including code reviews, vulnerability scanning, and penetration testing (manual and tool supported) across OhioHealth applications

Partner with internal development teams and vendors to identify and triage security vulnerabilities in a risk-based manner

Develop and maintain secure coding, DevSecOps, and related guidelines

Support threat modeling exercises

Respond to application security related incidents; support forensics when required

Contribute to security awareness training and exercises

LOCATION
This role is located in OhioHealths facility in Central Ohio and majority time in office is expected subject to OhioHealth remote work policies. Local candidates preferred; Relocation support is not available.

Minimum Qualifications:

Bachelor's Degree

Additional Job Description:

• Degree preferred.
• Three to five years of experience in application security, software development, or a closely related engineering discipline expected.

SPECIALIZED KNOWLEDGE

• Broad understanding of modern application architectures including web, mobile, API, and cloud-native applications.
• Deep familiarity with secure coding practices and common vulnerability classes (OWASP, CWE, and similar).
• Experience with application security testing tools, techniques, and risk frameworks including SAST, DAST, and offensive testing.
• Working knowledge of the Microsoft enterprise cloud security ecosystem.
• Experience with modern DevSecOps workflows and CI/CD pipelines
• Familiarity with healthcare-specific technologies including Epic, medical devices, and clinical network infrastructure
• Expert level developer in at least one modern programming language and working familiarity with other languages sufficient to lead code reviews and threat modeling
• Cybersecurity certifications preferred (CSSLP, CEH, GWAPT, and similar)

DESIRED ATTRIBUTES

Self-starting worker who can make progress independently

Collaborates effectively in a team environment

Excellent communication skills, with ability to translate technical notation into business language

Detail oriented with advanced critical thinking skills

Work Shift:

Day

Scheduled Weekly Hours :

40

Department

Information Security

Join us!
... if your passion is to work in a caring environment
... if you believe that learning is a life-long process
... if you strive for excellence and want to be among the best in the healthcare industry

Equal Employment Opportunity

OhioHealth is an equal opportunity employer and fully supports and maintains compliance with all state, federal, and local regulations. OhioHealth does not discriminate against associates or applicants because of race, color, genetic information, religion, sex, sexual orientation, gender identity or expression, age, ancestry, national origin, veteran status, military status, pregnancy, disability, marital status, familial status, or other characteristics protected by law. Equal employment is extended to all person in all aspects of the associate-employer relationship including recruitment, hiring, training, promotion, transfer, compensation, discipline, reduction in staff, termination, assignment of benefits, and any other term or condition of employment