Senior Application Security Engineer

🕒 March 30

Apply Now
Find Similar Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Logo of Amerisure Insurance

Amerisure Insurance

501 - 1000 employees

Amerisure Insurance Company’s continuous strength and success are the result of an unwavering commitment to service. Since 1912, Amerisure has worked tirelessly to make America’s workplaces safer. Our expertise is providing business insurance solutions to the manufacturing, construction, healthcare, and wholesale & distribution industries.

📋 Description

• The Senior IT Security Engineer designs, implements, and maintains security controls to protect the organization’s systems and data. • This role leads security monitoring, vulnerability management, and incident response efforts, while embedding security throughout the SDLC and integrating testing capabilities into CI/CD pipelines. • The engineer supports secure development practices and conducts application and API penetration testing. • Working closely with development, QA, DevOps, and architecture teams, this role strengthens the security posture of mission‑critical SaaS and hybrid cloud applications. • The Senior Engineer also advises leadership on security strategies, emerging technologies, and alignment with business goals, ensuring innovative, compliant, and effective security solutions. • Configure, implement, and maintain security systems with a hands-on approach to ensure the integrity, availability and resilience of the organization’s IT infrastructure, applications and data. • Serve as a subject matter expert for application, API, and integration security across the enterprise. • Establish and embed secure development requirements, best practices, patterns, and guardrails (Left Shift) across platforms, technology stacks, and development teams to enhance the overall application and API security posture. • Define, design, implement, and continuously improve application security processes, tools, and metrics. • Integrate and optimize SAST, SCA, IAST, DAST, and secrets detection tools within CI/CD pipelines, and monitor, track, and report application and API security metrics to leadership. • Conduct comprehensive application and API security reviews, vulnerability assessments, and penetration testing, actively configuring and fine-tuning security tools to identify and remediate gaps. • Collaborate with cross-functional teams to enforce security best practices and ensure compliance with relevant standards and frameworks (e.g., NIST CSF, NY DFS, MI DIFS, OWASP, HIPAA/HTRUST), configuring security solutions to meet evolving business and regulatory requirements. • Lead incident response and digital forensics investigations, providing technical expertise to analyze cyber events and implement effective remediation actions that minimize operational impact. • Mentor and guide security team members, sharing knowledge and expertise in application and API security, threat analysis, vulnerability management, cloud security, and cryptography, while fostering a collaborative, learning-driven team culture.

🎯 Requirements

• Bachelor’s degree or equivalent combination of education and experience. • 7+ years of experience in Application and API Security within a DevSecOps environment. • Required certifications include at least one CISSP, CSSLP, CCSP, GSEC, CEH, CISM, or CRISC, in addition to platform-specific certifications (AWS, Microsoft, Cisco, etc.) or domain specific certifications (OSWE, OSCP, GWAPT, or GWEB). • Experience in Property & Casualty insurance or other regulated industries preferred. • Proven experience securing SaaS and custom applications in complex multi-cloud environments, applying security best practices and compliance frameworks. • Expert knowledge of secure SDLC principles, application and API security, container security, and secure coding practices. • Deep familiarity with OWASP Top 10, OWASP API Security Top 10, and CWE in DevOps environments using TeamCity, Azure Pipelines, GitHub Actions, and Bitbucket Pipelines. • Extensive experience automating security scans and integrating SAST, SCA, IAST, DAST, and secrets detection tools into CI/CD pipelines. • Proficiency in managing application security tools, including SonarQube, Black Duck, Synopsys Seeker, Snyk, and Wiz Code. • Strong understanding of modern authentication and authorization protocols, including OAuth2, OIDC, JWT, and mTLS. • Knowledge of cryptographic protocols and standards such as SSL/TLS, SSH, PKI, and emerging quantum-resistant encryption techniques. • Solid understanding of security standards and frameworks, including NIST CSF, NY DFS, MI DIFS, HIPAA/HITECH, MITRE ATT&CK, and domain-specific regulatory requirements. • In-depth knowledge of common attack vectors and tactics, with a focus on proactive defense and risk mitigation. • Proficient in vulnerability assessment and penetration testing tools, capable of identifying, analyzing, and remediating vulnerabilities across applications and systems. • Familiarity with enterprise platforms such as Guidewire, Salesforce, Databricks, and SnapLogic is preferred. • Skilled in leading team initiatives using project management and Agile methodologies. • Excellent communication skills to clearly articulate security risks, policies, and remediation strategies to both technical and non-technical stakeholders.

🏖️ Benefits

• competitive base pay • performance-based incentive pay • comprehensive health and welfare benefits • 401(k) savings plan with profit sharing • generous paid time off programs • flexible work arrangements

Apply Now

Similar Jobs

🕒 March 28

UKG

10,000+ employees

🤝 B2B

👥 HR Tech

☁️ SaaS

Field Application Engineer responsible for pre and post-sales support for RF and Microwave test products. Collaborating with customers and sales teams on test and measurement solutions.

🕒 March 28

RevenueCat

51 - 200

☁️ SaaS

🔌 API

🤝 B2B

Senior Application Security Engineer at RevenueCat ensuring security across web and mobile applications. Collaborating with engineering teams and external parties to create secure frameworks and support bug bounty programs.

🕒 March 28

ThirdLaw Molecular

1 - 10

🧬 Biotechnology

💊 Pharmaceuticals

⚕️ Healthcare Insurance

Full-stack Engineer at ThirdLaw building AI-native platform features. Working in a small team to deliver impactful solutions to ensure AI trust and safety.

🕒 March 27

Hitachi

10,000+ employees

🤖 Artificial Intelligence

⚡ Energy

🚗 Transport

Application Engineering Specialist developing technical solutions for Hitachi Energy's transformers business. Collaborating with teams to drive customer satisfaction and manage engineering projects.

🕒 March 26

Palantir Technologies

1001 - 5000

🤖 Artificial Intelligence

🏛️ Government

🏢 Enterprise

Application Security Engineer performing security reviews and leading initiatives for secure software at Palantir. Collaborating with engineering teams to mitigate vulnerabilities and enhance product security.