Senior Application Security Engineer (REMOTE)
Amerisure Insurance · Farmington Hills, MI · 3 wk ago
HybridInformation TechnologyFull-time
About the role
Amerisure is seeking a Senior Application Security Engineer to join our dynamic team. This role is remote-friendly and plays a crucial part in shaping our security strategy and ensuring the robustness of our applications.
Responsibilities
- Configure, implement, and maintain security systems to protect IT infrastructure, applications, and data.
- Establish and embed secure development requirements and best practices across platforms and teams.
- Define, design, implement, and continuously improve application security processes, tools, and metrics.
- Integrate and optimize security scanning tools into CI/CD pipelines and monitor application and API security metrics.
- Conduct comprehensive application and API security reviews, vulnerability assessments, and penetration tests.
- Collaborate with cross-functional teams to enforce security best practices and ensure compliance with relevant standards and frameworks.
- Lead incident response and digital forensics investigations, providing technical expertise to analyze and remediate cyber events.
- Mentor and guide security team members, sharing knowledge and expertise in various security domains.
Requirements
- Bachelor’s degree or equivalent experience in Information Technology, Computer Science, or related field.
- 7+ years of experience in Application and API Security within a DevSecOps environment.
- At least one CISSP, CSSLP, CCSP, GSEC, CEH, CISM, or CRISC certification, plus platform-specific or domain-specific certifications.
- Experience in Property & Casualty insurance or other regulated industries.
- Expertise in secure SDLC principles, application and API security, container security, and secure coding practices.
- Extensive experience automating security scans and integrating SAST, SCA, IAST, DAST, and secrets detection tools into CI/CD pipelines.
- Proficiency in managing application security tools, such as SonarQube, Black Duck, Synopsys Seeker, Snyk, and Wiz Code.
- Knowledge of modern authentication and authorization protocols, including OAuth2, OIDC, JWT, and mTLS.
- Understanding of cryptographic protocols and standards like SSL/TLS, SSH, PKI, and emerging quantum-resistant encryption techniques.
- In-depth knowledge of security standards and frameworks, including NIST CSF, NY DFS, MI DIFS, HIPAA/HITECH, MITRE ATT&CK, and domain-specific regulatory requirements.
- Experience with vulnerability assessment and penetration testing tools, able to identify, analyze, and remediate vulnerabilities.
- Familiarity with enterprise platforms such as Guidewire, Salesforce, Databricks, and SnapLogic.
- Strong project management and Agile methodologies experience.
Qualifications
- Excellent communication skills to articulate security risks, policies, and remediation strategies to both technical and non-technical stakeholders.
Skills & Abilities
- Knowledge of OWASP Top 10, OWASP API Security Top 10, and CWE in DevOps environments.
- Experience with TeamCity, Azure Pipelines, GitHub Actions, and Bitbucket Pipelines.
- Understanding of modern authentication and authorization protocols, including OAuth2, OIDC, JWT, and mTLS.
- Expertise in cryptographic protocols and standards, including SSL/TLS, SSH, PKI, and emerging quantum-resistant encryption techniques.
- In-depth knowledge of security standards and frameworks, including NIST CSF, NY DFS, MI DIFS, HIPAA/HITECH, MITRE ATT&CK, and domain-specific regulatory requirements.
- Experience with vulnerability assessment and penetration testing tools, able to identify, analyze, and remediate vulnerabilities.
- Familiarity with enterprise platforms such as Guidewire, Salesforce, Databricks, and SnapLogic.
- Strong project management and Agile methodologies experience.
Benefits
Competitive base pay, performance-based incentive pay, comprehensive health and welfare benefits, a 401(k) savings plan with profit sharing, and generous paid time off programs. Flexible work arrangements are also available to promote work-life balance.
Pay
Commensurate with experience.
Schedule
Flexible work arrangements are available.