Quanata is on a mission to help ensure a better world through context-based insurance solutions. The Application Security Engineer will help build secure products and services across Quanata's AI-native insurance technology platform, partnering with various teams to strengthen secure development practices.
Responsibilities:
- Partner with Product and Engineering teams to integrate security into application design and development
- Lead threat modeling exercises and identify practical security solutions for complex systems
- Conduct secure code reviews, application security assessments, and vulnerability analysis
- Develop and implement automated security guardrails across the SDLC
- Investigate, prioritize, and drive remediation of application security findings
- Promote secure coding practices through training, coaching, and awareness initiatives
- Collaborate with Security, Privacy, and Business Assurance teams to support compliance and risk management objectives
- Create and maintain security standards, procedures, and best practices that scale across teams
Requirements:
- Associate's degree or equivalent experience required; Bachelor's degree preferred
- 4–6+ years of experience in software engineering, including at least 2 years focused on application security
- Experience partnering directly with software development teams to improve application security
- Knowledge of secure-by-design principles and modern application security practices
- Familiarity with OWASP Top 10, ASVS, MASVS, and common application security frameworks
- Experience with threat modeling methodologies such as STRIDE, PASTA, or similar approaches
- Working knowledge of cloud platforms and modern application architectures
- Proficiency in at least one programming language and its security ecosystem
- Strong communication skills and the ability to influence technical and non-technical stakeholders
- Comfortable operating in a fast-paced environment with shifting priorities
- Security certifications such as CSSLP, GWEB, OSWE, or similar
- Experience working in insurance, financial services, healthcare, or other regulated industries
- Advanced knowledge of cloud security and application security architecture
- Experience with mobile application security, QA testing, or penetration testing
- Familiarity with AI technologies, LLM security, or prompt engineering
- Experience building scripts or automations to streamline security processes
- Active involvement in the security community through conferences, mentoring, presentations, publications, or open-source contributions