Sr Applications Security Engineer
Blue Cross and Blue Shield of Nebraska · Omaha, NE · 2 wk ago
Information TechnologyFull-time
About the role
The Senior Application Security Engineer at Blue Cross and Blue Shield of Nebraska is a technical leader responsible for implementing and operating secure software development practices across the enterprise. This role focuses on static and dynamic code analysis, DevSecOps integration, AI-related code risk, and risk-based vulnerability management.
Responsibilities
- Own and operate application security tooling, including SAST, DAST, and software composition analysis, ensuring tools are tuned, effective, and aligned to business risk.
- Embed application security into CI/CD pipelines and development workflows to support shift-left security while minimizing developer friction.
- Perform secure code reviews and validate vulnerabilities for exploitability, impact, and remediation feasibility.
- Define and maintain secure coding standards, guidance, and reusable security patterns for development teams.
- Establish guardrails and review expectations for AI-assisted and AI-generated code, reducing unowned and unmanaged application risk.
- Partner with development teams to triage findings, reduce false positives, and drive effective remediation.
- Apply risk-based decision making aligned to organizational risk appetite and compliance frameworks (NIST, HIPAA, SOC 2).
- Support application threat modeling and identification of architectural security gaps.
- Collaborate with cloud, platform, and identity teams to ensure applications integrate securely with enterprise services.
- Contribute to audit readiness, evidence collection, and regulatory support related to application security controls.
- Reduce single-points-of-failure by documenting processes, mentoring others, and improving program resiliency.
Requirements
- Bachelor’s degree in Computer Science, Information Security, or a related field (or equivalent experience).
- 6 years of experience in application security, secure software development, or DevSecOps.
- Hands-on experience with SAST, DAST, and dependency scanning tools, including tuning and operational ownership.
- A strong understanding of application vulnerability classes (OWASP Top 10, APIs, authentication, authorization).
- Experience integrating security into CI/CD pipelines and development workflows.
- Proven ability to assess risk, prioritize remediation, and clearly communicate decisions.
- Comfort working independently, taking ownership, and driving outcomes with minimal oversight.
- Strong communication skills with the ability to work effectively with developers, architects, and leadership.
Qualifications
- The ability to meet or exceed the attendance and timeliness requirements of their departments.
- On-call work may be required based on business needs and role assignment.
- The ability to work well in a team environment and be capable of building and maintaining positive relationships with other staff, departments, and customers.
Skills
- Experience in healthcare or other regulated industries.
- Familiarity with Azure PaaS and cloud-native application architectures.
- Exposure to AI-assisted development risks, automation, or modern code-generation tools.
- Threat modeling experience and security design review participation.
- Scripting or automation experience (Python, PowerShell, Bash).
- Relevant certifications (CSSLP, GWAPT, CISSP, or equivalent).
Benefits
Learn more about what makes BCBSNE such an exceptional place to work by visiting NebraskaBlue.com/Careers. We strongly believe that diversity of experience, perspective and background will lead to a better workplace for our employees and a better product for our customers and members.