Job Description

R1 RCM India is proud to be recognized amongst India\'s Top 50 Best Companies to Work For\xe2\x84\xa2 2023 by Great Place To Work\xc2\xae Institute. We are committed to transform the healthcare industry with our innovative revenue cycle management services. Our goal is to \xe2\x80\x98make healthcare simpler\xe2\x80\x99 and enable efficiency for healthcare systems, hospitals, and physician practices. With over 30,000 employees globally, we are about 14,000 strong in India with offices in Delhi NCR, Hyderabad, Bangalore, and Chennai. Our inclusive culture ensures that every employee feels valued, respected, and appreciated with a robust set of employee benefits and engagement activities. Summary of Position: The Senior Staff Engineer (Application Security) supports the ongoing effort to strengthen the security posture of R1\xe2\x80\x99s application ecosystem. The Senior Staff Engineer (Application Security) will perform application security assessments, validate vulnerability scans, perform code and architecture reviews, and serve our software and DevOps engineers by providing help and guidance in secure software development. Key Activities: Review, validate, and triage scan results from SAST, SCA, DAST, and IAST tools, and coordinate with engineering to ensure findings are remediated. Administer, configure, and support application security testing tools. Support efforts to research and vet new AST tools as needed. Collaborate with product managers, architects, and engineers on defining, prioritizing, and implementing new security focused improvements, enhancements, or fundamental architectural design changes. Continuously shift left to anticipate, catch, and/or mitigate security flaws as early as possible in the SDLC. Forever learn; stays current on application security tools, practices, and methodology. Partner with DevOps and other engineering team members to ensure code is secure before it goes into production. Design and implement automated DevSecOps practices into product CI/CD pipelines and cloud environments. Design and implement software changes to support alignment with compliance standards (SOC2, HIPAA, PCI, etc.). Advocate for and improve security throughout the SDLC. Provide training and mentorship on secure coding best practices to engineering team members. Be a champion of security within the organization by defining best practices and pushing for both technical and cultural change. Act as a subject matter expert in secure engineering practices. Consult with development to provide mentorship and recommend secure design patterns. Remain ahead of emerging and active threats: review and apply the latest security research / threat intelligence. Support 3rd-party pen testing engagements as needed for compliance, etc. Flexibility to work across other Application defense areas like WAF (Web Application Firewall), API Security etc Flexibility to work across development teams in India and US and be a trusted partner with the Engineering teams. Requirements 3-5 years of experience in software engineering. Experience with one or more major programming languages (C#/.NET, Java) and scripting languages (e.g., bash, PowerShell, and/or Python). Solid understanding of the full web application technology stack, from front-end JavaScript and SPA architecture, to server-side business logic and relational/NoSQL databases. Must be able to work well with software development teams. Understanding of SDLC and Agile/Scrum process frameworks, and ability to advocate for and shepherd application security initiatives within that context. Familiarity with application security testing approaches (SAST, DAST, IAST, etc.) and tools (Burp Suite, ZAP, SonarQube, Rapid7 InsightAppSec, Synopsys Coverity, etc.). Familiarity with DevOps and CI/CD platforms, tools, and best practices, such as Docker, Kubernetes, IaC. Familiarity with cloud service providers and their offerings, especially Microsoft Azure and IBM Cloud. Familiarity with API security best practices. Understanding of industry compliance standards, such as HIPAA and PCI DSS.

Working in an evolving healthcare setting, we use our shared expertise to deliver innovative solutions. Our fast-growing team has opportunities to learn and grow through rewarding interactions, collaboration and the freedom to explore professional interests.

Our associates are given valuable opportunities to contribute, to innovate and create meaningful work that makes an impact in the communities we serve around the world. We also offer a culture of excellence that drives customer success and improves patient care. We believe in giving back to the community and offer a competitive benefits package. To learn more, visit:

Visit us on

R1 RCM