Internet Storm Center

Job Description

Description

Finvi (previously Ontario Systems) is looking for an Application Security Architect.

This position will be remote. You may work where you live anywhere in the United States.

The Role

The Security Architect is responsible for the technical security of our solutions, ensuring our products and services meet and surpass our security requirements, engineering teams are following security best practices, operations team is implementing correct security protocols, and for working with corporate security and operations on audits and certifications.

What You’ll Do

Perform security architecture design reviews of our products (primarily cloud).
Perform code analysis of large applications, manually and using SAST and DAST scanning solutions as well as conducting manual vulnerability analysis.
Provide remediation guidance and recommendations to developers and administrators.
Interface with the Customer Success team to discuss and track security feature enhancement requests from our global customers.
Work with Product Development teams to help prioritize and validate urgency of mitigation of identified product vulnerabilities and security feature enhancement requests.
Define security best practices and standards and ensure Product Development teams understand them and receive pertinent annual secure coding training Engage with the quality team to ensure high quality security testing.
Keep up to date on the latest security standards, systems, protocols, and products.
Ensure security architecture provides necessary outputs (logs, etc.) for security and compliance audits.
Estimate cost and budget for security technology or updates.
Ensure technical designs meet security architecture and best practices.
Architect and maintain security and threat modeling, alerting, and processes.
Partner with Architects and Product Managers to convert business requirements into an architecture blueprint and conceptual design, based on the Architecture standards, threat intelligence, and usage guidelines.
Manage projects to ensure targeted business outcomes. Ability to estimate and compare the financial impact of technology alternatives.
Serve as a trusted expert security advisor both internally and externally.

Qualifications and Education Requirements:

Bachelor’s Degree required.
Security certification preferred (CISSP, CASE, CASS, CSSLP, and GWEB etc.)
8-10 years in software development, 3+ years working with infrastructure and application security.
Experience working with development teams to build secure solutions.
Experience breaking down complex systems and applications to find flaws.
Proficiency in reading, writing, and auditing (Golang, Java, JavaScript, Perl, Mason, Vue, React, Cache, .NET) and the ability to pick up new languages/technologies.
Strong familiarity with common vulnerabilities and attack vectors.
Knowledge of web service technologies, load balancer services (i.e., Nginx, Cloudflare, F5, etc.) and RESTful APIs.
Knowledge of ubiquitous encryption technologies (PGP, SSH, SSL, etc.) and common authentication protocols (OpenID Connect, OAUTH, SAML, RADIUS, LDAP, KERBEROS, etc.).
Solid understanding of secure network and system design in both cloud (AWS, Azure, OCI etc.) and conventional environments.
The ability to communicate complicated technical issues and the risks they pose to developers, network engineers, system administrators, and management.
Excellent written and verbal communication skills, interpersonal and collaborative skills.
Must be a critical thinker, with strong problem-solving skills.
High level of personal integrity, as well as the ability to professionally handle confidential matters, and show an appropriate level of judgment and maturity.
Self-starter, positive attitude, ability to work independently, enjoys learning and staying current with industry developments, regulations, and best practices.

Experience:

Experience as an Application/Product Security Engineer, Architect or Developer.
A background integrating security testing into the SDLC.
Experience providing security training to developers.
Previous work as a technical security architect or related security role in a company where there is a commitment to information security and technology.
Additional programming languages such as (Golang, Java, JavaScript, Perl, Mason, Vue, React, Cache, .NET).
Demonstrated experience using DAST and SAST tools and services. Deep understanding and experience managing security infrastructure such as firewalls, ISPs, WAFs, vulnerability tools, endpoint protection, SIEM and log management technology.
Heavily engaged in the design and deployment of solutions encompassing both applications and infrastructure in a hybrid cloud environment.
Experience with Payment Card Industry Data Security Standards, HIPAA standards, NIST Framework, and privacy best practices.
Excellent communication and relationship building skills, ability to tailor messages to a wide variety of audiences, from executives to individual contributors.
Experience working with cross functional teams, including engineering, support, release, operations, product, quality, etc..
Preferred experience working and delivering cloud native SaaS products and services.

Visa sponsorship or transfer of an existing visa is not available for this position. You must be authorized to work directly for any employer in the United States without visa sponsorship or transfer.

Who We Are

Finvi is a premier provider of enterprise technologies that streamline and accelerate revenue recovery for clients in the healthcare, government, and accounts receivable management (ARM) markets. Through process automation and modern, compliance-minded communication and payment tools, Finvi helps its client partners generate more revenue at reduced cost and fulfill their organizational mission by effectively engaging patients, constituents, and consumers.

With offices in Indiana, Massachusetts, New Mexico, and Washington state as well as employees in more than 40+ states, Finvi is building on 40 years of success using a distinctly client-centric approach to innovation and service. A recognized brand in the revenue cycle management (RCM) market, Finvi helps 600+ hospital networks—including 5 of the 15 largest systems in the US—optimize cash collections and provide a single, satisfying patient financial experience. Finvi also serves 8 of the 10 largest ARM companies in addition to a number of state and municipal governments across the United States.

Why Finvi

Finvi is a fast-paced, challenging, and transforming technology company. Our culture fosters an environment where you can think creatively, push yourself to new possibilities, and challenge each other to accomplish personal and professional goals.

We believe every moment, every idea, and every voice counts. By bringing together different ideas and perspectives, we have the opportunity to innovate and step forward.

Our values embody who we are: Own Your Impact, Act Transparently, Have Grit, Embrace Differences and Row Together.

Although we describe what we are generally looking for, we are likely missing other attributes and skills that may make you a great fit. We’d hate to miss out! It doesn’t hurt to take a chance and apply!

What’s In It For You

Finvi offers, for most positions, a flexible work environment*
Hybrid or remote unless otherwise identified*
Ample PTO for non-exempt and Flexible Time Off* for exempt roles to keep up with today’s varied lifestyles
Competitive pay and 401(k) with employer match
Health insurance with wellness discounts, medical, dental, and vision care
Three (3) weeks Paid Parental Leave for new parents
Eight (8) Paid Holidays throughout the year
We invest in our employees through educational assistance and learning and development
Robust Wellness Program includes opportunities to earn money for your Health Savings Account (HSA) or Health Reimbursement Account (HRA)
Paid Volunteer Time Off Program to make a difference in your community
Learn more about what Finvi offers here: https://finvi.com/about-us/careers/

*Limitations may apply based on role and company need

The typical base pay range for this role across the U.S. is USD $99,900 - $199,100 per year.

Finvi has different base pay ranges for different work locations within the United States, which allows us to pay employees competitively and consistently in different geographic markets. The range above reflects the potential base pay across the U.S. for this role (the applicable base pay range will depend on what ultimately is determined to be the candidate’s primary work location). Individual base pay depends on various factors, in addition to primary work location, such as complexity and responsibility of role, job duties/requirements, and relevant experience and skills. Offers are made within the base pay range applicable at the time.

At Finvi, certain roles are eligible for additional rewards, including merit increases, annual bonus, and equity. These awards are allocated based on individual performance and role. In addition, certain roles also have the opportunity to earn sales incentives based on revenue depending on the terms of the plan and the employee’s role.

Equal Employment Opportunity & Affirmative Action Policy

It is Finvi’s policy to provide equal opportunity and access for all persons, without regard to race, color, religion, sex, sexual orientation, gender identity, genetic information, national origin, age, disability, or status as a disabled veteran or other protected veteran, or any other protected characteristic under applicable law. This policy relates to all phases of employment, including, but not limited to, recruiting, employment, placement, promotion, transfer, demotion, reduction of workforce and termination, rates of pay or other forms of compensation, selection for training, the use of all facilities, and participation in all Company-sponsored employee activities. Provisions in applicable laws providing for bona fide occupational qualifications, business necessity or age limitations will be adhered to by the Company where appropriate.

Finvi Welcomes All.