• Information Security Architect

    Job Location US-OR-Portland
    Posted Date 1 month ago(5/21/2018 12:38 PM)
    Job ID
  • Overview

    WebMD’s Health Services business enables employers and health plans to provide their employees and plan members with access to personalized health and benefit information, decision support technology that helps them make informed benefit, provider and treatment choices and provides telephonic health coaching services.


    All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status


    WebMD Health Services is looking for an experienced security architect to support the analysis, definition, and implementation of application security processes and technology as a member of our information security team. As a member of the information security team, you will work side-by-side across the organization with technology, client services, product management, sales, and our customer contact center to build, demonstrate, define and implement solutions for our next generation of web-based health management applications and services.


    Additional Responsibilities include:

    • Design, implement, document, and promote application security solutions, technical and administrative security controls, security and privacy product requirements and acceptance criteria
    • Provide security training, documentation, and guidance to technical and non-technical audiences
    • Provide support in the areas of secure coding practices, threat modeling, security architecture review and vulnerability assessment
    • Work effectively across the organization to promote security and privacy practices and awareness
    • Participate in security incident response activities
    • Operate and evaluate application scanning, testing, and review tools


    *As a member of WebMD Health Services, you may have access to confidential information that will require you to follow additional protocols to ensure the security of our data. As a core requirement, you must implement and act in accordance with the organization’s information security policies; protect assets from unauthorized access, disclosure, modification, destruction or interference; execute security processes or activities; and report security events or potential events or other security risks to the appropriate parties within the organization.



    • BS/MS in Computer Science or related field, or equivalent experience
    • At least 5 years of experience in software development, Information Security, or preferably both
    • Experience with web application and security architectures, C#/.NET preferred
    • Familiarity with threats, vulnerabilities, attack methods and countermeasures for web-based applications, including threat modelling, secure coding, and vulnerability testing
    • Familiarity with regulatory and standards requirements and practices (one or more of HIPAA/HITECH, ISO 27000 series, NIST 800 series SPs, HITRUST CSF)
    • Knowledge of application security and development processes and technologies including authentication, encryption, public key infrastructure, and secure communication protocols
    • Strong written and verbal communication skills, and strong interpersonal skills essential
    • Familiarity with industry-standard software design patterns
    • Independent time management skills
    • Ability to explain technical security and software development concepts to non-technical audiences



    • Industry certifications such as GIAC, CISSP are a strong plus
    • DevOps  and/or Continuous Integration and release experience
    • Familiarity with security audit processes and formal responses
    • Familiarity with Risk management processes and principles
    • Knowledge of encryption and key management best practices
    • Knowledge of data classification and storage concepts