[Remote] Senior Application Security Engineer (REMOTE)
Note: The job is a remote job and is open to candidates in USA. Amerisure Insurance is a property and casualty insurance company that creates exceptional value for its partners, policyholders, and employees. They are seeking a Senior Application Security Engineer to take ownership of security initiatives and partner closely with engineering teams to safeguard applications. The role involves designing, implementing, and maintaining security controls, leading security monitoring, and conducting application and API penetration testing.ResponsibilitiesConfigure, implement, and maintain security systems with a hands-on approach to ensure the integrity, availability and resilience of the organization’s IT infrastructure, applications and dataServe as a subject matter expert for application, API, and integration security across the enterprise. Establish and embed secure development requirements, best practices, patterns, and guardrails (Left Shift) across platforms, technology stacks, and development teams to enhance the overall application and API security postureDefine, design, implement, and continuously improve application security processes, tools, and metrics. Integrate and optimize SAST, SCA, IAST, DAST, and secrets detection tools within CI/CD pipelines, and monitor, track, and report application and API security metrics to leadershipConduct comprehensive application and API security reviews, vulnerability assessments, and penetration testing, actively configuring and fine-tuning security tools to identify and remediate gapsCollaborate with cross-functional teams to enforce security best practices and ensure compliance with relevant standards and frameworks (e.g., NIST CSF, NY DFS, MI DIFS, OWASP, HIPAA/HTRUST), configuring security solutions to meet evolving business and regulatory requirementsLead incident response and digital forensics investigations, providing technical expertise to analyze cyber events and implement effective remediation actions that minimize operational impactMentor and guide security team members, sharing knowledge and expertise in application and API security, threat analysis, vulnerability management, cloud security, and cryptography, while fostering a collaborative, learning-driven team cultureSkillsBachelor's degree or equivalent combination of education and experience7+ years of experience in Application and API Security within a DevSecOps environmentRequired certifications include at least one CISSP, CSSLP, CCSP, GSEC, CEH, CISM, or CRISC, in addition to platform-specific certifications (AWS, Microsoft, Cisco, etc.) or domain specific certifications (OSWE, OSCP, GWAPT, or GWEB)Proven experience securing SaaS and custom applications in complex multi-cloud environments, applying security best practices and compliance frameworksExpert knowledge of secure SDLC principles, application and API security, container security, and secure coding practicesDeep familiarity with OWASP Top 10, OWASP API Security Top 10, and CWE in DevOps environments using TeamCity, Azure Pipelines, GitHub Actions, and Bitbucket PipelinesExtensive experience automating security scans and integrating SAST, SCA, IAST, DAST, and secrets detection tools into CI/CD pipelinesProficiency in managing application security tools, including SonarQube, Black Duck, Synopsys Seeker, Snyk, and Wiz CodeStrong understanding of modern authentication and authorization protocols, including OAuth2, OIDC, JWT, and mTLSKnowledge of cryptographic protocols and standards such as SSL/TLS, SSH, PKI, and emerging quantum-resistant encryption techniquesSolid understanding of security standards and frameworks, including NIST CSF, NY DFS, MI DIFS, HIPAA/HITECH, MITRE ATT&CK, and domain-specific regulatory requirementsIn-depth knowledge of common attack vectors and tactics, with a focus on proactive defense and risk mitigationProficient in vulnerability assessment and penetration testing tools, capable of identifying, analyzing, and remediating vulnerabilities across applications and systemsExcellent communication skills to clearly articulate security risks, policies, and remediation strategies to both technical and non-technical stakeholdersExperience in Property & Casualty insurance or other regulated industries preferredFamiliarity with enterprise platforms such as Guidewire, Salesforce, Databricks, and SnapLogic is preferredSkilled in leading team initiatives using project management and Agile methodologiesBenefitsCompetitive base payPerformance-based incentive payComprehensive health and welfare benefitsA 401(k) savings plan with profit sharingGenerous paid time off programsFlexible work arrangements to promote work-life balanceCompany OverviewAmerisure is an insurance company that creates exceptional value for its agencies, employees and policyholders. It was founded in 1912, and is headquartered in Farmington Hills, Michigan, USA, with a workforce of 501-1000 employees. Its website is http://www.amerisure.com/.Company H1B SponsorshipAmerisure Insurance has a track record of offering H1B sponsorships, with 1 in 2023, 1 in 2020. Please note that this does not guarantee sponsorship for this specific role.