About Us
Zelis is modernizing the healthcare financial experience in the United States (U.S.) across payers, providers, and healthcare consumers. We serve more than 750 payers, including the top five national health plans, regional health plans, TPAs and millions of healthcare providers and consumers across our platform of solutions. Zelis sees across the system to identify, optimize, and solve problems holistically with technology built by healthcare experts – driving real, measurable results for clients.
Why We Do What We Do
In the U.S., consumers, payers, and providers face significant challenges throughout the healthcare financial journey. Zelis helps streamline the process by offering solutions that improve transparency, efficiency, and communication among all parties involved. By addressing the obstacles that patients face in accessing care, navigating the intricacies of insurance claims, and the logistical challenges healthcare providers encounter with processing payments, Zelis aims to create a more seamless and effective healthcare financial system.
Zelis India plays a crucial role in this mission by supporting various initiatives that enhance the healthcare financial experience. The local team contributes to the development and implementation of innovative solutions, ensuring that technology and processes are optimized for efficiency and effectiveness. Beyond operational expertise, Zelis India cultivates a collaborative work culture, leadership development, and global exposure, creating a dynamic environment for professional growth. With hybrid work flexibility, comprehensive healthcare benefits, financial wellness programs, and cultural celebrations, we foster a holistic workplace experience. Additionally, the team plays a vital role in maintaining high standards of service delivery and contributes to Zelis’ award-winning culture.
Position Overview
The position will report to the Head of Application Security and work in collaboration with application development teams to remediate security vulnerabilities identified through application security testing, as well as findings from third party penetration testing. You will serve as a bridge between security and development, providing hands-on guidance, secure coding recommendations, and technical expertise to ensure our applications remain secure and compliant.
This position is ideal for a software engineer with strong C# and JavaScript experience who is passionate about security and enjoys collaborating with others to improve the overall security posture of our applications.
Title
Secure Software Engineer
Overview
The position will report to the Head of Application Security and work in collaboration with application development teams to remediate security vulnerabilities identified through application security testing, as well as findings from third party penetration testing. You will serve as a bridge between security and development, providing hands-on guidance, secure coding recommendations, and technical expertise to ensure our applications remain secure and compliant.
This position is ideal for a software engineer with strong C# and JavaScript experience who is passionate about security and enjoys collaborating with others to improve the overall security posture of our applications.
Job Responsibilities
1. Partner with development teams to remediate vulnerabilities identified by DAST, SAST, and SCA scans, as well as third-party penetration tests.
2. Review, triage, and prioritize findings to ensure timely resolution based on business risk.
3. Provide secure coding guidance and best practices to developers across multiple teams.
4. Assist developers in debugging and fixing vulnerabilities within C# and JavaScript codebases.
5. Collaborate with Application Security and DevOps teams to integrate security into the SDLC.
6. Track and report remediation progress to stakeholders and leadership.
7. Participate in code reviews and recommend design improvements to reduce security risk.
8. Stay current on emerging security threats, vulnerabilities, and industry best practices.
Qualifications
Required
- 3+ years of experience in software engineering, application development, or application security.
- Proficiency in C# and JavaScript with hands-on experience debugging and fixing vulnerabilities in web applications.
- Understanding of secure coding practices, OWASP Top 10, SANS Top 25, PCI DSS, and common web application vulnerabilities.
- Experience working with at least one application security testing tool (e.g., App Scan, Burp Suite, Check Marx, Veracode, ZAP, or similar).
- Strong problem-solving and analytical skills with the ability to break down complex findings.
- Excellent collaboration and communication skills for working effectively with developers and cross-functional teams.
- Knowledge of cloud-native security, especially Azure or AWS environments.
Preferred
- Familiarity with Veracode DAST, SAST, and SCA specifically.
- Experience working in Agile or DevSecOps environments.
- Exposure to other languages and frameworks, such as Java, PHP, Python, Ruby, or TypeScript.
- Relevant certifications such as CSSLP, GWAPT, GWEB, or OSWE (a plus, not required)
