Amerisure Insurance is a property and casualty insurance company that creates exceptional value for its partners, policyholders, and employees. They are seeking a Senior Application Security Engineer to take ownership of security initiatives, shape their strategy, and collaborate with engineering teams to safeguard applications.
Responsibilities:
- Configure, implement, and maintain security systems with a hands-on approach to ensure the integrity, availability, and resilience of the organization's IT infrastructure, applications, and data
- Serve as a subject matter expert for application, API, and integration security across the enterprise
- Establish and embed secure development requirements, best practices, patterns, and guardrails (shift-left) across platforms, technology stacks, and development teams to enhance the overall application and API security posture
- Define, design, implement, and continuously improve application security processes, tools, and metrics
- Integrate and optimize SAST, SCA, IAST, DAST, and secrets detection tools within CI/CD pipelines, and monitor, track, and report application and API security metrics to leadership
- Conduct comprehensive application and API security reviews, vulnerability assessments, and penetration testing, actively configuring and fine-tuning security tools to identify and remediate gaps
- Collaborate with cross-functional teams to enforce security best practices and ensure compliance with relevant standards and frameworks (e.g., NIST CSF, NY DFS, MI DIFS, OWASP, HIPAA/HITRUST), configuring security solutions to meet evolving business and regulatory requirements
- Lead incident response and digital forensics investigations, providing technical expertise to analyze cyber events and implement effective remediation actions that minimize operational impact
- Mentor and guide security team members, sharing knowledge and expertise in application and API security, threat analysis, vulnerability management, cloud security, and cryptography, while fostering a collaborative, learning-driven team culture
Requirements:
- Bachelor's degree or equivalent combination of education and experience
- 7+ years of experience in Application and API Security within a DevSecOps environment
- Required certifications include at least one of CISSP, CSSLP, CCSP, GSEC, CEH, CISM, or CRISC, in addition to platform-specific certifications (AWS, Microsoft, Cisco, etc.) or domain-specific certifications (OSWE, OSCP, GWAPT, or GWEB)
- Proven experience securing SaaS and custom applications in complex multi-cloud environments, applying security best practices and compliance frameworks
- Expert knowledge of secure SDLC principles, application and API security, container security, and secure coding practices
- Deep familiarity with OWASP Top 10, OWASP API Security Top 10, and CWE in DevOps environments using TeamCity, Azure Pipelines, GitHub Actions, and Bitbucket Pipelines
- Extensive experience automating security scans and integrating SAST, SCA, IAST, DAST, and secrets detection tools into CI/CD pipelines
- Proficiency in managing application security tools, including SonarQube, Black Duck, Synopsys Seeker, Snyk, and Wiz Code
- Strong understanding of modern authentication and authorization protocols, including OAuth2, OIDC, JWT, and mTLS
- Knowledge of cryptographic protocols and standards such as SSL/TLS, SSH, PKI, and emerging quantum-resistant encryption techniques
- Solid understanding of security standards and frameworks, including NIST CSF, NY DFS, MI DIFS, HIPAA/HITECH, MITRE ATT&CK, and domain-specific regulatory requirements
- In-depth knowledge of common attack vectors and tactics, with a focus on proactive defense and risk mitigation
- Proficient in vulnerability assessment and penetration testing tools, capable of identifying, analyzing, and remediating vulnerabilities across applications and systems
- Excellent communication skills to clearly articulate security risks, policies, and remediation strategies to both technical and non-technical stakeholders
- Experience in Property & Casualty insurance or other regulated industries preferred
- Familiarity with enterprise platforms such as Guidewire, Salesforce, Databricks, and SnapLogic is preferred
- Skilled in leading team initiatives using project management and Agile methodologies