Jobs · Information Technology · Nebraska

Sr Applications Security Engineer

Information TechnologyFull-time

About the role

The Senior Application Security Engineer at Blue Cross and Blue Shield of Nebraska is a technical leader responsible for implementing and operating secure software development practices across the enterprise. This role focuses on static and dynamic code analysis, DevSecOps integration, AI-related code risk, and risk-based vulnerability management.

Responsibilities

  • Own and operate application security tooling, including SAST, DAST, and software composition analysis, ensuring tools are tuned, effective, and aligned to business risk.
  • Embed application security into CI/CD pipelines and development workflows to support shift-left security while minimizing developer friction.
  • Perform secure code reviews and validate vulnerabilities for exploitability, impact, and remediation feasibility.
  • Define and maintain secure coding standards, guidance, and reusable security patterns for development teams.
  • Establish guardrails and review expectations for AI-assisted and AI-generated code, reducing unowned and unmanaged application risk.
  • Partner with development teams to triage findings, reduce false positives, and drive effective remediation.
  • Apply risk-based decision making aligned to organizational risk appetite and compliance frameworks (NIST, HIPAA, SOC 2).
  • Support application threat modeling and identification of architectural security gaps.
  • Collaborate with cloud, platform, and identity teams to ensure applications integrate securely with enterprise services.
  • Contribute to audit readiness, evidence collection, and regulatory support related to application security controls.
  • Reduce single-points-of-failure by documenting processes, mentoring others, and improving program resiliency.

Requirements

  • Bachelor’s degree in Computer Science, Information Security, or a related field (or equivalent experience).
  • 6 years of experience in application security, secure software development, or DevSecOps.
  • Hands-on experience with SAST, DAST, and dependency scanning tools, including tuning and operational ownership.
  • A strong understanding of application vulnerability classes (OWASP Top 10, APIs, authentication, authorization).
  • Experience integrating security into CI/CD pipelines and development workflows.
  • Proven ability to assess risk, prioritize remediation, and clearly communicate decisions.
  • Comfort working independently, taking ownership, and driving outcomes with minimal oversight.
  • Strong communication skills with the ability to work effectively with developers, architects, and leadership.

Qualifications

  • The ability to meet or exceed the attendance and timeliness requirements of their departments.
  • On-call work may be required based on business needs and role assignment.
  • The ability to work well in a team environment and be capable of building and maintaining positive relationships with other staff, departments, and customers.

Skills

  • Experience in healthcare or other regulated industries.
  • Familiarity with Azure PaaS and cloud-native application architectures.
  • Exposure to AI-assisted development risks, automation, or modern code-generation tools.
  • Threat modeling experience and security design review participation.
  • Scripting or automation experience (Python, PowerShell, Bash).
  • Relevant certifications (CSSLP, GWAPT, CISSP, or equivalent).

Benefits

Learn more about what makes BCBSNE such an exceptional place to work by visiting NebraskaBlue.com/Careers. We strongly believe that diversity of experience, perspective and background will lead to a better workplace for our employees and a better product for our customers and members.

Similar jobs

Sr Security Engineer

MeijerMichigan, United States· 1 wk ago
Information Technologyapply on meijer.wd5.myworkdayjobs.com

Sr Systems Security Engineer

Sierra Nevada CorporationLone Tree, CO· 2 wk ago
Information Technology$143k–$197k/yrapply on snc.wd1.myworkdayjobs.com