Blue Cross And Blue Shield Of Nebraska
Healthcare
Sr Applications Security Engineer
“Sr Applications Security Engineer at Blue Cross And Blue Shield Of Nebraska. Skills: application security capabilities, secure software development practices, DevSecOps integration, AI-related code risk, risk-based vulnerability management, SAST, DAST, software composition analysis, CI/CD integration, secure code reviews, secure coding standards, AI-assisted code risk reduction, vulnerability triage, risk-based decision making, threat modeling, architectural security. Own and operate application”
What You'll Achieve.
deliver practical, scalable security solutions; reducing unowned and unmanaged application risk; drive effective remediation; improve program resiliency
Industry & Context.
assess risk; prioritize remediation; reduce false positives
On-call work may be required based on business needs and role assignment; the ability to meet or exceed the attendance and timeliness requirements of their departments
What They're Looking For.
Must Have
- Bachelor’s degree in Computer Science, Information Security, or a related field (or equivalent experience)
- 6 years of experience in application security, secure software development, or DevSecOps
- Hands‑on experience with SAST, DAST, and dependency scanning tools, including tuning and operational ownership
- Understanding of application vulnerability classes (OWASP Top 10, APIs, authentication, authorization)
- Experience integrating security into CI/CD pipelines and development workflows
- Proven ability to assess risk, prioritize remediation, and clearly communicate decisions
- Comfort working independently, taking ownership, and driving outcomes with minimal oversight
- Communication skills with the ability to work effectively with developers, architects, and leadership
- The ability to meet or exceed the attendance and timeliness requirements of their departments
- The ability to work well in a team environment and be capable of building and maintaining positive relationships with other staff, departments, and customers
Nice to Have
- Experience in healthcare or other regulated industries
- Familiarity with Azure PaaS and cloud‑native application architectures
- Exposure to AI‑assisted development risks, automation, or modern code‑generation tools
- Threat modeling experience and security design review participation
- Scripting or automation experience (Python, PowerShell, Bash)
- Relevant certifications (CSSLP, GWAPT, CISSP, or equivalent)
What You'll Do.
- Own and operate application security tooling, and software composition analysis
- Embed application security into CI/CD pipelines and development workflows
- Perform secure code reviews and validate vulnerabilities
- Define and maintain secure coding standards, and reusable security patterns
- Establish guardrails and review expectations for AI‑assisted and AI‑generated code
- Partner with development teams to triage findings, reduce false positives, and drive effective remediation
- Apply risk‑based decision making aligned to organizational risk appetite and compliance frameworks
- Support application threat modeling and identification of architectural security gaps
- Collaborate with cloud, platform, and identity teams to ensure applications integrate securely with enterprise services
- Contribute to audit readiness, and regulatory support related to application security controls
- Reduce single‑points‑of‑failure by documenting processes, and improving program resiliency
How You'll Work.
Team & Collaboration
partner effectively with engineering, architecture, and risk teams; Partner with development teams; Collaborate with cloud, platform, and identity teams; work effectively with developers, architects, and leadership; work well in a team environment; building and maintaining positive relationships with other staff, departments, and customers
Communication Scope
communication skills with the ability to work effectively with developers, architects, and leadership; clearly communicate decisions
Process & Methodology
take ownership of outcomes, driving outcomes with minimal oversight
How to Apply on Workday
- Workday has a multi-step form — save your progress after every section.
- "Apply With LinkedIn" can fail or lose data; manual entry is more reliable.
- Watch for the "Submit for Review" final step — hitting "Save" alone does not submit.
- Job requisition numbers are useful when following up with HR by email.