Application Security Engineer

02 Jul 2024

Vacancy expired!

Who Are We?

Taking care of our customers, our communities and each other. That's the Travelers Promise. By honoring this commitment, we have maintained our reputation as one of the best property casualty insurers in the industry for over 160 years. Join us to discover a culture that is rooted in innovation and thrives on collaboration. Imagine loving what you do and where you do it.

Compensation Overview

The annual base salary range provided for this position is a nationwide market range and represents a broad range of salaries for this role across the country. The actual salary for this position will be determined by a number of factors, including the scope, complexity and location of the role; the skills, education, training, credentials and experience of the candidate; and other conditions of employment. As part of our comprehensive compensation and benefits program, employees are also eligible for performance-based cash incentive awards.

Salary Range

$81,400.00 - $134,200.00

Target Openings

1

What Is the Opportunity?

You will work closely with the Claim Application Security and Software Engineering teams. This program includes interpretation of code scanning and open-source scanning results to help developers remediate vulnerabilities in internally developed applications. You will also be the point of contact for reviewing results of SAST, DAST and Open-Source scanning for Claim Technology Agile Release Trains (ARTs). You will be responsible for working with Claim Technology Software Engineers and the Application Security Engineering team to help guide development teams through the different activities surrounding defensive coding techniques. You will be responsible for working with the Claim architects and application security engineers to develop a plan to ensure that all patterns are reviewed with a regular cadence and work with the teams to ensure that necessary audit artifacts are documented.

The successful candidate for this role will be expected to think like an attacker and anticipate how they might exploit weaknesses. You will be responsible for researching relevant attack methods and engaging with the ARTs and other Application Security Engineers to help ensure that all relevant risks are identified and addressed throughout the DevSecOps process. You will work directly with Agile teams to ensure security fixes are implemented and validated through manual security testing of the application. You will work with Claim Technology Software Engineers to ensure applications are onboarded for scanning and help with identification of vulnerabilities earlier in the development process. You will work with Claim Technology software engineers to help perform code scanning and help teams track their remediation efforts.

This position may be based 100% remotely or in one of our offices.

Primary Job Duties & Responsibilities
  • Work directly with Claim Technology Software Engineers and other Application Security Engineers to help guide the Application Security program.
  • Research relevant attack methods and engage with Senior Application Security engineers and Enterprise Cybersecurity to help ensure that all relevant risks are identified and addressed.
  • Guide product and engineering teams in building secure features through security architecture design reviews and threat modeling.
  • Be an advocate for secure coding practices across all engineering teams.
  • Use attack-driven techniques to defend our applications and systems by discovering weaknesses in our web and mobile application portfolio.
  • Work with the ARTs to ensure security is embedded throughout the entire development process.
  • Serve as the go-between for Claim Technology and Travelers Enterprise Cybersecurity.

Minimum Qualifications
  • Bachelor's degree in computer science, information technology, or equivalent experience in related fields.
  • Demonstrated ability to interact with all levels of personnel within an organization.
  • Strong written and verbal communication skills.

Education, Work Experience, & Knowledge
  • Experience in developing in common languages and frameworks such as .NET, Java, React, Angular, Python & Node.js
  • Ability to work independently and as part of a team.
  • Experience developing information security standards and procedures a plus.
  • Penetration testing, Web Application Penetration testing a plus.
  • Certifications such as CSSLP, GWEB, GWAPT, or GPEN a plus.
  • Experience working in a Cyber Security group a plus.
  • Experience assessing and documenting the design of security controls to mitigate risk a plus.
  • Skilled at contributing and communicating knowledge of concepts to a broader audience.

Job Specific Technical Skills & Competencies
  • Problem Solving:
  • Demonstrates sound analytic and diagnostic skills dealing with issues that are loosely defined and/or where information is available but must be further manipulated.
  • Once decisions are made, is able to follow and direct action to implement intended results.
  • Breaks a problem down to manageable pieces and implements effective, timely solutions.
  • Openly and directly confronts conflict until resolved.
  • Team Orientation:
  • Builds relationships with peers and other departments to achieve objectives, to work as one team and to secure necessary resources not under his/her personal control.
  • Balances team and individual responsibilities.
  • Exhibits objectivity and openness to others' views.
  • Gives and welcomes feedback.
  • Puts success of team above self.
  • Supports a distinct business unit or several smaller functions.
  • Responsibilities are assigned with some latitude for setting priorities and decision-making using established policies and procedures.
  • Results are reviewed with next-level manager for clarification and direction before proceeding.
  • Planning and Project Management:
  • Works with the project manager in identifying those project tasks that are most important, establishes clear priorities and understands the larger picture.
  • Anticipates and effectively responds to changes in workload and resources.

Environmental / Work Schedules / Other
  • On call as needed.

Employment Practices

Travelers is an equal opportunity employer. We value the unique abilities and talents each individual brings to our organization and recognize that we benefit in numerous ways from our differences.

If you are a candidate and have specific questions regarding the physical requirements of this role, please send us an email so we may assist you.

Travelers reserves the right to fill this position at a level above or below the level included in this posting.

To learn more about our comprehensive benefit programs please visit http://careers.travelers.com/life-at-travelers/benefits/.

  • ID: #43776685
  • State: Connecticut Hartford 06101 Hartford USA
  • City: Hartford
  • Salary: USD TBD TBD
  • Job type: Permanent
  • Showed: 2022-07-02
  • Deadline: 2022-08-30
  • Category: Et cetera