Tokio Marine HCC – A&H Group · 22 hours ago
IT Security Application Analyst II
Tokio Marine HCC (TMHCC) is a leading provider in the specialty insurance industry, offering a wide range of products globally. The IT Security Application Analyst II role is focused on safeguarding enterprise applications by implementing security controls, managing access governance, and collaborating with teams to maintain secure application environments.
Insurance
Responsibilities
Partner with application development teams to embed security requirements and controls throughout the software development lifecycle (SDLC), including design, coding, testing, and deployment
Conduct security reviews of application architectures, design documents, and source code (e.g., static/dynamic analysis)
Conduct and/or review vendor application security assessments, penetration tests, and SOC 2 / ISO 27001 reports
Define and enforce secure coding standards and practices in alignment with OWASP Top 10 and TMHCC policies
Maintain and continuously improve the Application Security Policy, Secure Development Standards, and related procedures
Evaluate and integrate security automation tools (SAST, DAST, SCA) within CI/CD pipelines
Experience integrating security tools into CI/CD pipelines (e.g., GitHub Advanced Security, Veracode, Checkmarx, or similar)
Provide security training and guidance to developers to foster a security-first development culture
Evaluate third-party software vendors for adherence to TMHCC’s security standards, including secure coding, vulnerability management, and data protection
Collaborate with Procurement and Legal to embed security requirements and due diligence in contracts and service agreements
Track and manage remediation of security issues identified in vendor solutions
Experience with vendor risk management and third-party software assessments
Develop key metrics and reporting for application and vendor security posture (e.g., vulnerability trends, remediation SLAs, risk acceptance tracking)
Participate in architecture review boards and change advisory processes to ensure secure-by-design principles are followed
Strong understanding of secure development frameworks (e.g., OWASP SAMM, NIST SP 800-218 SSDF)
Familiarity with threat modeling methodologies (STRIDE, PASTA)
Ability to translate complex security risks into actionable development requirements
Qualification
Required
4-year / Bachelor's degree in Computer Science or a related field, or the equivalent degree and/or experience
Ability to identify and assess the severity and potential impact of risks
Strong knowledge of the NIST Cybersecurity Framework
Possess, and be able to apply, broad knowledge of security principles, practices, and procedures
Thorough knowledge of industry-accepted security architectures
Thorough knowledge of authentication and access systems
Able to effectively analyze risk within the context of business problems
General multi-platform information security knowledge in cloud, networks, Windows, desktops, servers, and application systems
Working knowledge of information security tools for intrusion monitoring, filtering, event management, compliance management and vulnerability management
General knowledge of regulatory requirements such as SOC 2, Sarbanes-Oxley, and the Health Insurance Portability and Accountability Act (HIPAA), along with US data privacy laws
Experience in following system information security policies, standards, and procedures
Experience implementing security-related projects
Excellent written and verbal communication skills with an emphasis on confidentiality, tact, and diplomacy
Exceptional organizational and analytical skills; demonstrated ability to manage multiple tasks simultaneously
Knowledgeable about industry changes, legal updates, and technical developments related to the applicable area of the Company's business, in order to proactively respond to changing business
Overtime hours may be required to fulfill job responsibilities
May be required to remain stationary for extended periods of time
May be required to move up to 10 pounds
Must be able to operate a computer and other devices
Close vision and ability to adjust focus, such as required to read a computer screen
Occasional travel up to 10%
Preferred
Certified Information Systems Security Professional (CISSP)
Certified Information Security Manager (CISM)
Certified Information Systems Auditor (CISA)
Benefits
Generous paid time off (PTO), 12 paid company holidays
401(k) Retirement Plan with 6% company match
Health and dental insurance, and vision plan available
Company-provided long-term disability and life insurance
Opportunities for advancement in a successful and growing organization
Flexible work schedules and a great work/life balance
Paid Parental Leave
Volunteer Time Off
Enjoy casual dress and work in a modern, comfortable office with free parking
Hybrid work schedule
Company
Tokio Marine HCC – A&H Group
For over 50 years, HCC Life Insurance Company, operating as Tokio Marine HCC – A&H Group, has been at the forefront of medical stop loss insurance.
H1B Sponsorship
Tokio Marine HCC – A&H Group has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data powered by the US Department of Labor)
[Chart: Distribution of Different Job Fields Receiving Sponsorship (highlighting job fields similar to this job)]
[Chart: Trends of Total Sponsorships: 2023 (1), 2022 (1)]
Funding
Current Stage: Late Stage (company data provided by Crunchbase)