DE Jobs

Job Information

Lyric Principal Engineer - Application Security in United States

Lyric, formerly ClaimsXten, is a leading healthcare technology company, committed to simplifying the business of care. Over 30 years of experience, dedicated teams, and top technology help deliver more than $14 billion of annual savings to our many loyal and valued customers—including 9 of the top 10 payers across the country. Lyric’s solutions leverage the power of machine learning, AI, and predictive analytics to empower health plan payers with pathways to increased accuracy and efficiency, while maximizing value and savings. Lyric’s strong relationships as a trusted ally to customers resulted in recognition from KLAS as “true partner” and “excellent value for investment,” with a top score for overall customer satisfaction and A+ likelihood to recommend in their October 2023 Payment Integrity and Accuracy Report. Discover more at Lyric.ai.

Position Specification: Lyric’s Application Security Principal reports to the CISO and is responsible for defining, developing, and maturing the application security program. This is a hands-on position requiring day-to-day interaction with architects and senior developers. This individual will be responsible for ensuring the security of our software products and development processes.

The Application Security Principal also develops and implements comprehensive strategies and procedures to improve the Secure Software Development Life Cycle and will work closely with stakeholders across the Software Engineering organization to ensure security is built into the software Lyric delivers. The ideal candidate must have a deep understanding of application- and infrastructure-related threat vectors as well as best practices to protect against these threats. This is a hands-on role with significant interaction with developers and other technical resources.

ESSENTIAL JOB RESPONSIBILITIES & KEY PERFORMANCE OUTCOMES

Leadership and Strategy:

  • Develop and implement a comprehensive application security strategy aligned with the company’s goals and objectives

  • Collaborate with cross-functional teams, including software development, DevOps, IT, cloud ops, and product management, to integrate, automate, and scale security into all stages of the software development lifecycle

  • Develop metrics and reporting to demonstrate the effectiveness of the program

Application Security Program:

  • Establish and maintain application security policies, standards, and guidelines

  • Oversee the implementation of secure coding practices and security testing procedures

  • Maintain application security policies for toolsets in use

  • Perform Threat Modeling to identify application and infrastructure threat vectors for internal applications, partners, and other 3rd parties who will integrate into the environment

  • Review scan results and determine false positives

  • Configure tools to remove duplicates and false positives from results

  • Work side-by-side with engineering teams to execute the Application Security program

  • Manage the application security tools and technologies, ensuring they are effectively used to identify and mitigate risks

  • Automate and scale the program

  • Ensure code released to production is free from security vulnerabilities that would put Lyric’s or its customers’ data at risk

Risk Management and Compliance:

  • Identify, assess, and prioritize application security risks, and develop mitigation strategies

  • Ensure compliance with relevant security standards, regulations, and best practices (e.g., OWASP, NIST)

  • Monitor and respond to emerging application security threats and vulnerabilities, ensuring timely updates to security development practices and application security controls

Training and Awareness:

  • Develop and manage a Security Advocate program including training and awareness for software developers and other relevant staff

  • Promote a culture of security awareness and continuous improvement within the development teams

Required Qualifications

  • Bachelor's degree with 7+ years of experience in information security, with 5+ years focused on application security and 3+ years in a leadership/Principal role, OR no degree and 11+ years of experience in information security, with 9+ years focused on application security and 3+ years in a leadership/Principal role

  • 3+ years of experience in a highly regulated industry (like healthcare or financial data)

  • 5+ years of experience with application security tools (SAST/DAST), such as static and dynamic analysis tools, web application firewalls, and vulnerability scanners

  • 3+ years of developing in common programming languages (e.g., Java, C#, Python, JavaScript) and knowledge of related security issues

  • 2+ years of experience with AWS cloud security principles and technologies

Preferred Qualifications

  • Strong application architecture background as well as a strong implementer of applications

  • Strong understanding of software development methodologies, including Agile and DevSecOps

  • Expertise in secure coding practices and application security testing techniques

  • Past experience creating and running Security Advocate programs

  • Experience with application- and infrastructure-related external threats and how to defend against these threats

  • Relevant security certifications, such as CISSP, CSSLP, CEH, or GWAPT, are highly desirable

  • Exceptional analytical and problem-solving skills

  • Effective communication and interpersonal skills, with the ability to communicate complex regulatory concepts to diverse audiences

  • Strong leadership and team management skills

  • Attention to detail and a commitment to upholding the highest ethical standards

*The US base salary range for this full-time position is:

$171,992.68 - $257,989.02

The specific salary offered to a candidate may be influenced by a variety of factors including but not limited to the candidate’s relevant experience, education, and work location. Please note that the compensation details listed in US role postings reflect the base salary only, and do not reflect the value of the total rewards compensation.*

Lyric is an Equal Opportunity Employer that drives superior business results by understanding and leveraging diversity. We strive to maximize the productivity and performance of our employees by fostering a winning team spirit and high personal accountability. Everyone is encouraged to respond including women, people of color, veterans, people with disabilities, all lifestyles, beliefs and generational diversity.
