Staff Application Security Engineer @ Quanata | Jobright.ai
200+ applicants

Quanata · 2 days ago

Staff Application Security Engineer

Analytics, Artificial Intelligence (AI)
H1B Sponsorship
Growth Opportunities

Responsibilities

Join a product security team to design, develop, and implement high-level application security architecture across diverse projects, focusing on the insurance industry.
Work with architecture, development, and product teams to architect security solutions for business-critical applications.
Create and refine application threat models tailored to the insurance sector.
Design and establish application security architecture frameworks, setting clear product security standards.
Perform security code reviews and application security testing.
Offer strategic direction on application security best practices and manage their incorporation into software development processes.
Evaluate and respond to vulnerabilities identified through internal security testing, prioritizing according to business impact.
Drive initiatives to enhance security awareness and practices within the application development teams.
Work closely with compliance teams to ensure applications adhere to industry-specific regulations and standards.
Document runbooks, best practices, and team initiatives using repeatable patterns.

Qualification

Information Security, Application Security Engineering, Security Architecture, Security-by-Design Principles, Application Security Frameworks, OWASP Top, OWASP Secure Headers, ASVS, MASVS, Regulatory Environment Knowledge, Threat Modeling, Risk Assessment, Vulnerability Management, Programming Language Proficiency, Problem-Solving, Communication, Leadership, Risk Assessment Models, Cloud Security Solutions, Purple Team Activities, Security Frameworks, Full Stack Engineer, Training Leadership, Data Protection Regulations, Compliance Frameworks

Required

12 or more years of experience in information security, including 8 or more years of experience in application security engineering, with a specialization in security architecture
Expertise in security-by-design principles and a deep understanding of application security frameworks and standards
Experience in working with software development teams, providing security oversight in complex application ecosystems
Familiarity with OWASP Top 10, OWASP Secure Headers and OWASP standards like ASVS and MASVS
Familiarity with the regulatory environment of the insurance industry or a similarly regulated industry and its impact on application security
Strong skills in threat modeling, risk assessment, and vulnerability management
Proficient in at least one programming language
Excellent communication skills, with the ability to lead security initiatives and train teams on security best practices

Preferred

Advanced certifications in security architecture (e.g., CSSLP, EC-CASE, GWEB, OSCP, CISSP-ISSAP, SABSA) or related fields
Prior experience in a similar role within the insurance industry or other highly-regulated sectors
Proficiency in developing and implementing risk assessment models tailored to the insurance industry
Experience with cloud-based security solutions and familiarity with cloud service providers, particularly in relation to application security
Hands-on experience with 'purple team' activities, encompassing both offensive (penetration testing) and defensive (security architecture) methodologies
In-depth knowledge of various security frameworks (such as NIST, MITRE ATT&CK) and their application in a business context, especially within the insurance sector
Previous career experience as a full stack engineer
Demonstrated ability to engage in research and stay abreast of the latest trends and developments in application security and the insurance industry
Strong track record in leading security-focused training and workshops, enhancing the security skill set of development teams
Practical experience with data protection and privacy regulations relevant to the insurance industry, such as GDPR, HIPAA, or PCI-DSS
Experience with cloud security, data privacy, and compliance frameworks relevant to the insurance industry

Benefits

Health, dental, vision, and life insurance
Supplemental income plans
Headspace app subscription
Monthly wellness allowance
401(k) Plan with company match
One-time payment of $2K for in-home office equipment and furniture
MacBook Pro provisioned for remote work
Four weeks of PTO in the first year
Twelve weeks of fully paid parental leave
Up to $5000 per year for professional development
Udemy subscriptions
Access to coaching opportunities through BetterUp

Company

Quanata is on a mission to help ensure a better world through context-based insurance solutions.

H1B Sponsorship

Quanata has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for reference. (Data powered by the US Department of Labor)
[Chart: Distribution of Different Job Fields Receiving Sponsorship]
Trends of Total Sponsorships: 2023 (5), 2022 (11), 2021 (13), 2020 (8)

Funding

Current Stage: Growth Stage

Leadership Team

Kathryn Vandiver
Vice President Of Engineering
Company data provided by crunchbase