
OhioHealth

Application Security Engineer

Columbus, OH · Posted 2 days ago

About This Role

The complete job description could not be extracted for this posting: the primary job details were contained in a Workday portal, which did not load its complete content.

About OhioHealth

OhioHealth is a not-for-profit healthcare system based in Columbus, Ohio. It operates 15 hospitals, three joint-venture hospitals, one managed hospital, and over 200 ambulatory sites across 47 to 50 counties in Ohio. With a workforce of approximately 35,000 associates, physicians, and volunteers, OhioHealth is dedicated to improving community health and providing exceptional care. Founded in 1891, OhioHealth has evolved through various mergers and rebranding, with a mission focused on accessibility and quality healthcare. The system offers a wide range of medical services, including trauma care, orthopedics, heart and vascular care, neurosciences, and cancer care. It is recognized for its specialized programs, such as the Center for Blood Conservation and a human donor milk bank for premature infants. OhioHealth emphasizes community outreach and innovation in healthcare delivery, ensuring comprehensive support for the populations it serves.

Industry

hospital & health care

Employees

35,000

195 engineers

Revenue

$7.0B


Security at OhioHealth

Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.

3 Intel Signals

Security Philosophy

OhioHealth's security philosophy is centered on risk assessment and the enforcement of controls within the application architecture. The organization emphasizes a collaborative approach between security and business units to ensure security is integrated into the design phase of services.

  • **Stated AppSec Mission:** Information not publicly available.
  • **Developer Enablement vs. Gatekeeping:** The team focuses on integration and enforcement. "enforces security controls for the application or service architecture" – Indeed (JK: f3e7ea38a6a6272e)
  • **Risk Philosophy:** The organization prioritizes the assessment of threats and vulnerabilities. "assess system and application security threats and vulnerabilities" – Indeed (JK: f3e7ea38a6a6272e)
  • **General Security Commitment:** "We have adopted reasonable data collection, storage, and processing practices and security measures" – OhioHealth.com

Security Team

  • OhioHealth's security functions are organized under a Cybersecurity leadership structure.
  • Roles within the department are documented to report to a 'Cybersecurity Functional Leader.' The team is led by Nathan Arlington, who serves as the Senior Director and Chief Information Security Officer.
  • The team is actively hiring, with job postings emphasizing collaboration between security personnel, architects, business analysts, and product owners to integrate security controls into the application and service architecture.

**Key Public-Facing Leaders:**

  • Nathan Arlington, Senior Director, Chief Information Security Officer – https://www.linkedin.com/in/nathan-arlington
  • Key Quote: "I currently serve as the Senior Director and Chief Information Security Officer" – Nathan Arlington LinkedIn

**Team Size Estimate (as_of:):**

  • LinkedIn Search Query Used: site:linkedin.com/in/ "OhioHealth" ("Application Security" OR "Cybersecurity" OR "Information Security")
  • Result: ~50-100 (Total Security/IT Risk functions)

**Active AppSec Job Postings (as_of:):**

  • Count: 4
  • Common Skill/Tool Patterns: Integration of security controls, application security threat assessment, and collaboration with product owners.

Key Initiatives

OhioHealth's security initiatives focus on the creation of governance artifacts and the integration of security into the development lifecycle through collaboration with product teams.

  • **Security Champions Program:** No Evidence Found.
  • **"Shift Left" in Practice:** While not explicitly termed 'shift left,' evidence shows security involvement in early design. "integrating security controls" – Indeed (JK: 98425975f98444cd)
  • **Vulnerability Management Process:**
      • **Intake/Triage:** The team is responsible for assessing application security threats. "assess system and application security threats and vulnerabilities" – Indeed (JK: f3e7ea38a6a6272e)
  • **Secure SDLC Artifacts:** The team develops and maintains the governance framework for security. "Policies, standards, procedures" – Indeed (JK: 10b0f50c7176f2b8)
  • **Audit & Compliance:** "Support internal and external audit preparation" – Indeed (JK: 10b0f50c7176f2b8)
  • **Training:** "developing training materials" – Indeed (JK: 10b0f50c7176f2b8)
