Amerisure Insurance

Senior Application Security Engineer

full-time

Location Type: Remote

Location: Missouri, United States

About the role

  • The Senior IT Security Engineer designs, implements, and maintains security controls to protect the organization’s systems and data.
  • This role leads security monitoring, vulnerability management, and incident response efforts, while embedding security throughout the SDLC and integrating testing capabilities into CI/CD pipelines.
  • The engineer supports secure development practices and conducts application and API penetration testing.
  • Working closely with development, QA, DevOps, and architecture teams, this role strengthens the security posture of mission‑critical SaaS and hybrid cloud applications.
  • The Senior Engineer also advises leadership on security strategies, emerging technologies, and alignment with business goals, ensuring innovative, compliant, and effective security solutions.
  • Configure, implement, and maintain security systems with a hands-on approach to ensure the integrity, availability and resilience of the organization’s IT infrastructure, applications and data.
  • Serve as a subject matter expert for application, API, and integration security across the enterprise.
  • Establish and embed secure development requirements, best practices, patterns, and guardrails (Left Shift) across platforms, technology stacks, and development teams to enhance the overall application and API security posture.
  • Define, design, implement, and continuously improve application security processes, tools, and metrics.
  • Integrate and optimize SAST, SCA, IAST, DAST, and secrets detection tools within CI/CD pipelines, and monitor, track, and report application and API security metrics to leadership.
  • Conduct comprehensive application and API security reviews, vulnerability assessments, and penetration testing, actively configuring and fine-tuning security tools to identify and remediate gaps.
  • Collaborate with cross-functional teams to enforce security best practices and ensure compliance with relevant standards and frameworks (e.g., NIST CSF, NY DFS, MI DIFS, OWASP, HIPAA/HTRUST), configuring security solutions to meet evolving business and regulatory requirements.
  • Lead incident response and digital forensics investigations, providing technical expertise to analyze cyber events and implement effective remediation actions that minimize operational impact.
  • Mentor and guide security team members, sharing knowledge and expertise in application and API security, threat analysis, vulnerability management, cloud security, and cryptography, while fostering a collaborative, learning-driven team culture.

Requirements

  • Bachelor’s degree or equivalent combination of education and experience.
  • 7+ years of experience in Application and API Security within a DevSecOps environment.
  • Required certifications include at least one of CISSP, CSSLP, CCSP, GSEC, CEH, CISM, or CRISC, in addition to platform-specific certifications (AWS, Microsoft, Cisco, etc.) or domain-specific certifications (OSWE, OSCP, GWAPT, or GWEB).
  • Experience in Property & Casualty insurance or other regulated industries preferred.
  • Proven experience securing SaaS and custom applications in complex multi-cloud environments, applying security best practices and compliance frameworks.
  • Expert knowledge of secure SDLC principles, application and API security, container security, and secure coding practices.
  • Deep familiarity with OWASP Top 10, OWASP API Security Top 10, and CWE in DevOps environments using TeamCity, Azure Pipelines, GitHub Actions, and Bitbucket Pipelines.
  • Extensive experience automating security scans and integrating SAST, SCA, IAST, DAST, and secrets detection tools into CI/CD pipelines.
  • Proficiency in managing application security tools, including SonarQube, Black Duck, Synopsys Seeker, Snyk, and Wiz Code.
  • Strong understanding of modern authentication and authorization protocols, including OAuth2, OIDC, JWT, and mTLS.
  • Knowledge of cryptographic protocols and standards such as SSL/TLS, SSH, PKI, and emerging quantum-resistant encryption techniques.
  • Solid understanding of security standards and frameworks, including NIST CSF, NY DFS, MI DIFS, HIPAA/HITECH, MITRE ATT&CK, and domain-specific regulatory requirements.
  • In-depth knowledge of common attack vectors and tactics, with a focus on proactive defense and risk mitigation.
  • Proficient in vulnerability assessment and penetration testing tools, capable of identifying, analyzing, and remediating vulnerabilities across applications and systems.
  • Familiarity with enterprise platforms such as Guidewire, Salesforce, Databricks, and SnapLogic is preferred.
  • Skilled in leading team initiatives using project management and Agile methodologies.
  • Excellent communication skills to clearly articulate security risks, policies, and remediation strategies to both technical and non-technical stakeholders.

Benefits

  • competitive base pay
  • performance-based incentive pay
  • comprehensive health and welfare benefits
  • 401(k) savings plan with profit sharing
  • generous paid time off programs
  • flexible work arrangements

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

  • Application Security
  • API Security
  • Secure SDLC
  • Vulnerability Management
  • Penetration Testing
  • Cloud Security
  • Secure Coding Practices
  • Incident Response
  • Digital Forensics
  • Threat Analysis

Soft Skills

  • Mentoring
  • Collaboration
  • Communication
  • Leadership
  • Problem Solving
  • Team Culture
  • Knowledge Sharing
  • Adaptability
  • Analytical Thinking
  • Project Management

Certifications

  • CISSP
  • CSSLP
  • CCSP
  • GSEC
  • CEH
  • CISM
  • CRISC
  • OSWE
  • OSCP
  • GWAPT