Application Security Engineer [Remote-US]

View full description

Requirements:

• 3 - 5 years of experience in information security, with at least 2 years of experience in application security engineering.
• Experience in working with software development teams to integrate security into complex application ecosystems.
• Familiarity with security-by-design principles and a solid understanding of application security frameworks and standards.
• Familiarity with cloud-based hosting providers like AWS, Google Cloud or Microsoft Azure.
• Knowledge of OWASP and relevant standards like the Top 10, ASVS and MASVS.
• Proficiency in at least one programming language and relevant security tools.
• Familiarity with threat modeling paradigms such as STRIDE or STRIPED.

Responsibilities:

• Collaborate with development and product teams to integrate security solutions into business-critical applications.
• Assist in creating and refining product security threat models, focusing on security measures tailored to the unique challenges of the insurance sector.
• Participate in secure code reviews and product security testing to identify vulnerabilities.
• Implement application security best practices throughout the software development lifecycle.
• Respond to vulnerabilities identified through internal security testing, prioritizing according to business impact.
• Support initiatives to enhance security awareness and practices within the application development teams.
• Work closely with compliance teams to ensure that applications adhere to industry-specific regulations and standards.
• Document security procedures, best practices, and team initiatives using repeatable patterns.