Senior Application Security Engineer jobs in United States

Amerisure Insurance · 1 day ago

Senior Application Security Engineer

Amerisure Insurance is a property and casualty insurance company focused on creating exceptional value for its partners, policyholders, and employees. They are seeking a Senior Application Security Engineer to take ownership of security initiatives, shape strategy, and partner with engineering teams to safeguard applications. The role involves designing and maintaining security controls, leading incident response, and mentoring team members to enhance the organization's security posture.

Financial Services
H1B Sponsor Likely

Responsibilities

Configure, implement, and maintain security systems with a hands-on approach to ensure the integrity, availability and resilience of the organization’s IT infrastructure, applications and data
Serve as a subject matter expert for application, API, and integration security across the enterprise. Establish and embed secure development requirements, best practices, patterns, and guardrails (Left Shift) across platforms, technology stacks, and development teams to enhance the overall application and API security posture
Define, design, implement, and continuously improve application security processes, tools, and metrics. Integrate and optimize SAST, SCA, IAST, DAST, and secrets detection tools within CI/CD pipelines, and monitor, track, and report application and API security metrics to leadership
Conduct comprehensive application and API security reviews, vulnerability assessments, and penetration testing, actively configuring and fine-tuning security tools to identify and remediate gaps
Collaborate with cross-functional teams to enforce security best practices and ensure compliance with relevant standards and frameworks (e.g., NIST CSF, NY DFS, MI DIFS, OWASP, HIPAA/HITRUST), configuring security solutions to meet evolving business and regulatory requirements
Lead incident response and digital forensics investigations, providing technical expertise to analyze cyber events and implement effective remediation actions that minimize operational impact
Mentor and guide security team members, sharing knowledge and expertise in application and API security, threat analysis, vulnerability management, cloud security, and cryptography, while fostering a collaborative, learning-driven team culture

Qualification

Application Security, API Security, DevSecOps, Vulnerability Management, CISSP, CSSLP, Cloud Security, Secure SDLC, Penetration Testing, NIST CSF, Agile Methodologies, Communication Skills, Project Management

Required

Bachelor's degree or equivalent combination of education and experience
7+ years of experience in Application and API Security within a DevSecOps environment
Required certifications include at least one of CISSP, CSSLP, CCSP, GSEC, CEH, CISM, or CRISC, in addition to platform-specific certifications (AWS, Microsoft, Cisco, etc.) or domain-specific certifications (OSWE, OSCP, GWAPT, or GWEB)
Proven experience securing SaaS and custom applications in complex multi-cloud environments, applying security best practices and compliance frameworks
Expert knowledge of secure SDLC principles, application and API security, container security, and secure coding practices
Deep familiarity with OWASP Top 10, OWASP API Security Top 10, and CWE in DevOps environments using TeamCity, Azure Pipelines, GitHub Actions, and Bitbucket Pipelines
Extensive experience automating security scans and integrating SAST, SCA, IAST, DAST, and secrets detection tools into CI/CD pipelines
Proficiency in managing application security tools, including SonarQube, Black Duck, Synopsys Seeker, Snyk, and Wiz Code
Strong understanding of modern authentication and authorization protocols, including OAuth2, OIDC, JWT, and mTLS
Knowledge of cryptographic protocols and standards such as SSL/TLS, SSH, PKI, and emerging quantum-resistant encryption techniques
Solid understanding of security standards and frameworks, including NIST CSF, NY DFS, MI DIFS, HIPAA/HITECH, MITRE ATT&CK, and domain-specific regulatory requirements
In-depth knowledge of common attack vectors and tactics, with a focus on proactive defense and risk mitigation
Proficient in vulnerability assessment and penetration testing tools, capable of identifying, analyzing, and remediating vulnerabilities across applications and systems
Excellent communication skills to clearly articulate security risks, policies, and remediation strategies to both technical and non-technical stakeholders

Preferred

Experience in Property & Casualty insurance or other regulated industries preferred
Familiarity with enterprise platforms such as Guidewire, Salesforce, Databricks, and SnapLogic is preferred
Skilled in leading team initiatives using project management and Agile methodologies

Benefits

Competitive base pay
Performance-based incentive pay
Comprehensive health and welfare benefits
A 401(k) savings plan with profit sharing
Generous paid time off programs
Flexible work arrangements

Company

Amerisure Insurance

Amerisure is an insurance company that creates exceptional value for its agencies, employees and policyholders.

H1B Sponsorship

Amerisure Insurance has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for reference. (Data Powered by US Department of Labor)
[Chart: Distribution of Different Job Fields Receiving Sponsorship]
Trends of Total Sponsorships: 2023 (1), 2020 (1)

Funding

Current Stage
Late Stage

Leadership Team

Kendall Clavin
Vice President of Underwriting
Kevin Korte
Vice President of Workers’ Compensation
Company data provided by crunchbase