Covetrus is a global animal-health technology and services company dedicated to empowering veterinary practice partners to drive improved patient health and financial outcomes. Headquartered in Portland, Maine, with more than 5,000 employees and more than 100,000 global customers, our passion for the well-being of animals and those who care for them drives us to advance the world of veterinary medicine. In the USA, we bring together products, services, and technology into a single platform that connects our customers to the solutions and insights they need to work best. Now, our mission is to bring this technology to veterinarians and their clients worldwide.

SUMMARY

In your role as an Application Security Engineer, you will work closely with development teams to ensure the software solutions they're building and maintaining are secure. You will collaborate with stakeholders across the business including engineering, quality, project management, IT, and DevOps. You will review and threat model designs, perform secure code reviews, analyze potential risks, and guide teams to avoid or mitigate items; ensuring software solutions protect Covetrus, our partners, and the pet parents who utilize our solutions.

ESSENTIAL DUTIES AND RESPONSIBILITIES:

• Partner with product leaders to continually improve their security processes to keep security an integral part of the software development lifecycle.
• Review feature designs providing security assessments, guidance on secure implementation best practices, and threat modelling of potential risks.
• Assist in training teams on application security principles.
• Participate in architectural design reviews providing secure best practices and guidance for individual components and infrastructure patterns.
• Establish and maintain documentation including mitigation guidance for specific vulnerabilities, risks, and project specific standards.
• Assist teams in reproducing and triaging application security vulnerabilities.
• Developing new automation rules and patterns to identify and prevent future occurrences of potential vulnerabilities.
• Perform secure code reviews, leading engineering teams on resolution of discoveries.
• Analyze applications through manual penetration testing and various available security tools.

QUALIFICATIONS:

• Bachelor's degree in relevant field of study, or equivalent work experience.
• 7 years of experience in software development, quality assurance, or application security.
• Expert knowledge of common web vulnerabilities and ability to work with engineering and product teams to understand and protect against those vulnerabilities.
• Proficiency with security controls, vulnerability assessments, and risk management methodologies.
• Strong understanding of application security principles and how to defend against their abuse.
• Experience with application security tools (SAST, DAST, SCA/SBOM, container analysis, infrastructure configuration management)
• Experience identifying security issues through code review.
• Familiarity with C#, Java, Python, React, Angular, AWS, OAuth2, Kubernetes, microservice architecture, CQRS, GraphQL.

COMPETENCIES (Skills and Abilities):

• Strong interpersonal and communication skills to effectively collaborate with stakeholders at all levels of the organization.
• Proficient in threat modeling, risk assessment, defensive software development practices, and securing cloud infrastructure management.
• Information Security certifications encouraged.
• Familiarity with agile software development practices.
• Experience working in a regulated industry, such as healthcare or finance, is a plus.
• Attention to detail and a commitment to maintaining the highest standards of data security and privacy.

PHYSICAL DEMANDS/WORK ENVIRONMENT

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

• Remote working environment; or
• Pet-friendly office environment
• Extensive computer use

Covetrus is an equal opportunity/affirmative action employer. It does not discriminate against applicants or employees on the basis of race, color, religion, creed, national origin, ancestry, disability that can be reasonably accommodated with undue hardship, sex, sexual orientation, age, citizenship, marital or veteran status, or any other legally protected status.

Salary may vary depending on factors such as confirmed job-related skills, experience, and location.

However, the pay range for this position is as follows.

We offer the following benefits for you to take advantage of while you are here provided you meet the eligibility requirements under each governing program:

* 401k savings & company match

* Paid time off

* Paid holidays

* Maternity leave

* Parental leave

* Military leave

* Other leaves of absence

* Health, dental, and vision benefits

* Health savings accounts

* Flexible spending accounts

* Life & disability benefits

* Identity theft protection

* Pet insurance

* Sales Positions are eligible for a Variable Incentive

* Certain positions may include eligibility for a short term incentive plan

Covetrus is an equal opportunity/affirmative action employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected Veteran status, age, or any other characteristic protected by law.