<p>Mosaic Health is a national care delivery platform focused on expanding access to comprehensive primary care</p> <p>for consumers with coverage across Commercial, Individual Exchange, Medicare, and Medicaid health plans.</p> <p>The Business Units which comprise Mosaic Health are multi-payer and serve nearly one million consumers</p> <p>across 19 states, providing them with access to high quality primary care, integrated care teams, personalized</p> <p>navigation, expanded digital access, and specialized services for higher-need populations. Through Mosaic</p> <p>Health, health plans and employers have an even stronger care provider partner that delivers affordability and</p> <p>superior experiences for their members and employees, including value-based primary care capacity</p> <p>integrated with digital patient engagement and navigation. Each of the companies within Mosaic Health</p> <p>provide unique offerings that together promise to improve individuals' health and wellbeing, while helping</p> <p>care providers deliver higher quality care. For more information, please visit www.mosaichealth.com or</p> <p>follow Mosaic Health on LinkedIn.</p> <p>Formed in 2008 and headquartered in Fort Myers, Florida, with offices in Florida, North Carolina, and Texas,</p> <p>Millennium Healthcare is the largest independent physician group in the state of Florida and one of the largest</p> <p>in the United States. At Millennium Physician Group, our employees are the foundation of our success. Our</p> <p>promise is to provide you with the tools to do your job successfully, as well as providing a team atmosphere</p> <p>that empowers you to seek better ways to deliver care to our patients and their families. We also promise to</p> <p>care for you as an individual and help you grow in your role.</p> <p>The Application Security Specialist will support all business units within Mosaic Health and is responsible for</p> <p>ensuring the security of our applications by identifying, analyzing, and mitigating vulnerabilities throughout the</p> <p>software development lifecycle (SDLC). This role requires expertise in secure coding practices, vulnerability</p> <p>management, penetration testing, and security tool integration.</p> <p>Responsibilities</p> <ul> <li>Conduct security code reviews and provide guidance on secure coding best practices. </li><li>Collaborate with developers to integrate security measures into the SDLC. </li><li>Identify and analyze potential security threats and risks in applications. </li><li>Assist with threat models and recommend mitigations to reduce risk. </li><li>Perform application security testing (SAST, DAST, IAST, RASP) to identify vulnerabilities. </li><li>Work with developers and DevOps teams to remediate security findings. </li><li>Implement and maintain security tools such as SAST/DAST scanners, WAFs, and SIEM integrations. </li><li>Assist with automating security testing within CI/CD pipelines. </li><li>Ensure applications comply with security standards such as OWASP, NIST, ISO 27001, and PCI-DSS. </li><li>Develop security policies, guidelines, and best practices for application security. </li><li>Support security incident investigations related to application vulnerabilities. </li><li>Assist with implementing corrective actions post-incident. </li><li>Demonstrate excellent guest service to internal team members and patients. </li><li>Perform other related duties as assigned. </li></ul> <p>Qualifications</p> <ul> <li>Bachelor's degree in cyber security, Information Technology, Computer Science, or a related field. </li><li>2+ years of experience in application security, penetration testing, or a related role. </li><li>Strong knowledge of OWASP Top 10, SANS 25, and secure coding practices. </li><li>Experience with SAST, DAST, IAST, RASP, and penetration testing tools (e.g., Burp Suite, Checkmarx, </li></ul> <p>Veracode, Fortify, ZAP).</p> <ul> <li>Familiarity with DevSecOps and integrating security into CI/CD pipelines. </li><li>Understanding of web, mobile, and cloud security principles. </li><li>Experience working with API security, authentication mechanisms (OAuth, JWT, SAML), and </li></ul> <p>encryption techniques</p> <ul> <li>Proficiency in secure coding practices for languages such as Java, Python, JavaScript, or C#. </li><li>Relevant security certifications such as CISSP, CEH, OSCP, GWAPT, or CSSLP. </li><li>A commitment to providing excellent service to internal team members and patients. </li><li>High level of professionalism and integrity in all interactions. </li><li>Ability to work independently in a fast-paced, cross-functional environment. </li></ul> <p>Physical Demands</p> <ul> <li>Sedentary work. Exerting up to 10 pounds of force occasionally and/or negligible amount of force </li></ul> <p>frequently or constantly to lift, carry, push, pull, or otherwise move objects. Repetitive motion.</p> <p>Substantial movements (motions) of the wrists, hands, and/or fingers. The worker must have close</p> <p>visual acuity to perform an activity such as: preparing and analyzing data and figures; transcribing;</p> <p>viewing a computer terminal; extensive reading. Ability to lift to 15 lbs. independently not to exceed</p> <p>50 lbs. without help.</p> <p>Equal Employment Opportunity</p> <ul> <li>Mosaic Health is an Equal Employment Opportunity employer and all qualified applicants will receive </li></ul> <p>consideration for employment without regard to age, citizenship status, color, creed, disability,</p> <p>ethnicity, genetic information, gender (including gender identity and gender expression), marital</p> <p>status, national origin, race, religion, sex, sexual orientation, veteran status or any other status or</p> <p>condition protected by applicable federal, state, or local laws.</p> <ul> <li>If you require an accommodation for the application or interview process, please let us know and we </li></ul> <p>will work with you to meet your needs. Please contact HRbenefits@mpgus.com for assistance.</p>