AppSec Engineer (100% Remote)

Our customer offers automobile, homeowners and other personal lines of insurance to members across 23 states and the District of Columbia. For decades, they’ve brought peace of mind to members by looking to protect their belongings, find solutions to problems, settle claims and get their lives back on track. With more than 100 years of history, our Customer is one of the most trusted brands in America.

Our Customer is looking for an AppSec Engineer on a contract basis to help support their ongoing business needs. This role is 100% remote.

Responsibilities:

• Review detected vulnerabilities, filtering false-positive results and assisting developers as questions arise from findings
• Advocate for OWASP Application Security Verification Standard (ASVS) as an internal standard
• Supporting standards-compliance in secure system development, support, assessment, remediation, and configuration/change management
• Conduct security assessments on application code and applications for security flaws, identify potential areas of improvement and provide actionable recommendations to developers.
• Collaborate with cross-functional teams to ensure that security best practices are incorporated into the design and architecture of applications.
• Keep abreast of the latest security trends, vulnerabilities, and attack vectors and proactively identify potential risks to applications.
• Proven experience with cloud security posture management and runtime protection
• Conduct continuous cloud security testing
• Hands on experience with cloud native application protection in AWS, Azure and/or GCP
• Experience performing threat modeling with application teams

Qualifications:

• Bachelor's degree in Computer Science, Information Security or a related field.
• Cloud certifications such as AWS Certified Security - Specialty certification is a plus
• Proficiency with application security testing technologies such as SAST, DAST, SCA, IaC, IAST, RASP, Container Image Scanning, etc.
• Knowledge of common security vulnerabilities and best practices for remediation.
• Experience with security assessment tools such as static analysis tools, dynamic scanners and open-source library scanners.
• Awareness of application security across multiple verticals such as cloud/service provider, security provider, mobile, appliance
• Experience with source code management and AppSec testing tools
• Understanding of CI/CD Automation
• Familiarity with secure coding standards and practices, such as OWASP Top 10, OWASP Top 10 API.
• Familiar with building repeatable and automated security test suites
• Experience in application security, secure coding, vulnerability assessment and remediation.
• Understanding of web application architecture, including frameworks, APIs, and protocols.
• Proficiency in programming languages commonly used in application development, such as Java, C#, Python, or JavaScript.
• Knowledge of key security configurations for services such as EC2, S3, RDS and EKS
• Strong customer service skills

We offer a competitive salary range for this position. Most candidates who join our team are hired at the median of this range, ensuring fair and equitable compensation based on experience and qualifications.

Contractor benefits are available through our 3rd Party Employer of Record (Available upon completion of waiting period for eligible engagements)

Benefits include: Medical, Dental, Vision, 401k.

An Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against on the basis of disability.