Jobs · Information Technology · Michigan

Senior Application Security Engineer (REMOTE)

Amerisure Insurance · Farmington Hills, MI · 3 wk ago
HybridInformation TechnologyFull-time

About the role

Amerisure is seeking a Senior Application Security Engineer to join our dynamic team. This role is remote-friendly and plays a crucial part in shaping our security strategy and ensuring the robustness of our applications.

Responsibilities

  • Configure, implement, and maintain security systems to protect IT infrastructure, applications, and data.
  • Establish and embed secure development requirements and best practices across platforms and teams.
  • Define, design, implement, and continuously improve application security processes, tools, and metrics.
  • Integrate and optimize security scanning tools into CI/CD pipelines and monitor application and API security metrics.
  • Conduct comprehensive application and API security reviews, vulnerability assessments, and penetration tests.
  • Collaborate with cross-functional teams to enforce security best practices and ensure compliance with relevant standards and frameworks.
  • Lead incident response and digital forensics investigations, providing technical expertise to analyze and remediate cyber events.
  • Mentor and guide security team members, sharing knowledge and expertise in various security domains.

Requirements

  • Bachelor’s degree or equivalent experience in Information Technology, Computer Science, or related field.
  • 7+ years of experience in Application and API Security within a DevSecOps environment.
  • At least one CISSP, CSSLP, CCSP, GSEC, CEH, CISM, or CRISC certification, plus platform-specific or domain-specific certifications.
  • Experience in Property & Casualty insurance or other regulated industries.
  • Expertise in secure SDLC principles, application and API security, container security, and secure coding practices.
  • Extensive experience automating security scans and integrating SAST, SCA, IAST, DAST, and secrets detection tools into CI/CD pipelines.
  • Proficiency in managing application security tools, such as SonarQube, Black Duck, Synopsys Seeker, Snyk, and Wiz Code.
  • Knowledge of modern authentication and authorization protocols, including OAuth2, OIDC, JWT, and mTLS.
  • Understanding of cryptographic protocols and standards like SSL/TLS, SSH, PKI, and emerging quantum-resistant encryption techniques.
  • In-depth knowledge of security standards and frameworks, including NIST CSF, NY DFS, MI DIFS, HIPAA/HITECH, MITRE ATT&CK, and domain-specific regulatory requirements.
  • Experience with vulnerability assessment and penetration testing tools, able to identify, analyze, and remediate vulnerabilities.
  • Familiarity with enterprise platforms such as Guidewire, Salesforce, Databricks, and SnapLogic.
  • Strong project management and Agile methodologies experience.

Qualifications

  • Excellent communication skills to articulate security risks, policies, and remediation strategies to both technical and non-technical stakeholders.

Skills & Abilities

  • Knowledge of OWASP Top 10, OWASP API Security Top 10, and CWE in DevOps environments.
  • Experience with TeamCity, Azure Pipelines, GitHub Actions, and Bitbucket Pipelines.
  • Understanding of modern authentication and authorization protocols, including OAuth2, OIDC, JWT, and mTLS.
  • Expertise in cryptographic protocols and standards, including SSL/TLS, SSH, PKI, and emerging quantum-resistant encryption techniques.
  • In-depth knowledge of security standards and frameworks, including NIST CSF, NY DFS, MI DIFS, HIPAA/HITECH, MITRE ATT&CK, and domain-specific regulatory requirements.
  • Experience with vulnerability assessment and penetration testing tools, able to identify, analyze, and remediate vulnerabilities.
  • Familiarity with enterprise platforms such as Guidewire, Salesforce, Databricks, and SnapLogic.
  • Strong project management and Agile methodologies experience.

Benefits

Competitive base pay, performance-based incentive pay, comprehensive health and welfare benefits, a 401(k) savings plan with profit sharing, and generous paid time off programs. Flexible work arrangements are also available to promote work-life balance.

Pay

Commensurate with experience.

Schedule

Flexible work arrangements are available.

Similar jobs