Senior Application Security Engineer @ Quanata | Jobright.ai
200+ applicants

Quanata · 2 days ago

Senior Application Security Engineer

Analytics, Artificial Intelligence (AI)
H1B Sponsorship
Growth Opportunities


Responsibilities

Join a product security team to develop and implement high-level application security architecture across diverse projects, with a focus on the insurance industry.
Collaborate with development and product teams to integrate advanced security solutions by design into business-critical applications.
Create and refine application threat models, emphasizing robust security measures tailored to the unique challenges of the insurance sector.
Create application security architecture patterns and product security requirements.
Perform security code reviews and application security testing.
Provide strategic guidance on application security best practices and oversee the implementation of these practices in software development life cycles.
Evaluate and respond to vulnerabilities identified through internal security testing, prioritizing according to business impact.
Drive initiatives to enhance security awareness and practices within the application development teams.
Work closely with compliance teams to ensure that applications adhere to industry-specific regulations and standards.
Document runbooks, best practices, and team initiatives using repeatable patterns.

Qualification

Information Security, Application Security Engineering, Security Architecture, Security-by-Design Principles, Application Security Frameworks, OWASP, ASVS, MASVS, Regulatory Environment Knowledge, Threat Modeling, Risk Assessment, Vulnerability Management, Programming Language Proficiency, Security Tools Proficiency, Communication, Leadership, Risk Assessment Models, Cloud Security Solutions, Purple Team Activities, Security Frameworks, Full Stack Engineer, Training Leadership, Data Protection Regulations, Compliance Frameworks

Required

8 years of experience in information security, to include 5 years of experience in application security engineering, with a specialization in security architecture
Expertise in security-by-design principles and a deep understanding of application security frameworks and standards
Experience in working with software development teams, providing security oversight in complex application ecosystems
Familiarity with OWASP and relevant standards like ASVS and MASVS
Familiarity with the regulatory environment of the insurance industry or a similarly regulated industry and its impact on application security
Strong skills in threat modeling, risk assessment, and vulnerability management
Proficient in at least one programming language and relevant security tools
Excellent communication skills, with the ability to lead security initiatives and train teams on security best practices

Preferred

Advanced certifications in security architecture (e.g., CSSLP, EC-CASE, GWEB, OSCP, CISSP-ISSAP, SABSA) or related fields
Prior experience in a similar role within the insurance industry or other highly-regulated sectors
Proficiency in developing and implementing risk assessment models tailored to the insurance industry
Experience with cloud-based security solutions and familiarity with cloud service providers, particularly in relation to application security
Hands-on experience with 'purple team' activities, encompassing both offensive (penetration testing) and defensive (security architecture) methodologies
In-depth knowledge of various security frameworks (such as NIST, MITRE ATT&CK) and their application in a business context, especially within the insurance sector
Previous career experience as a full stack engineer
Demonstrated ability to engage in research and stay abreast of the latest trends and developments in application security and the insurance industry
Strong track record in leading security-focused training and workshops, enhancing the security skill set of development teams
Practical experience with data protection and privacy regulations relevant to the insurance industry, such as GDPR, HIPAA, or PCI-DSS
Experience with cloud security, data privacy, and compliance frameworks relevant to the insurance industry

Benefits

Medical
Dental
Vision
Life Insurance
Supplemental Income Plans
Headspace App Subscription
Monthly Wellness Allowance
401(k) Plan with Company Match
One-time $2K payment for in-home office equipment and furniture
Four weeks of PTO in the first year
Twelve weeks of fully paid parental leave
Up to $5000 per year for professional learning and development
Udemy Subscriptions
Access to coaching opportunities through BetterUp

Company

Quanata is on a mission to help ensure a better world through context-based insurance solutions.

H1B Sponsorship

Quanata has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is given below for reference. (Data powered by the US Department of Labor)
[Chart: Distribution of Different Job Fields Receiving Sponsorship]
Trends of Total Sponsorships: 2023 (5), 2022 (11), 2021 (13), 2020 (8)

Funding

Current Stage: Growth Stage

Leadership Team

Kathryn Vandiver, Vice President of Engineering
Company data provided by Crunchbase
