At American Family Insurance, we believe people are an organization's most valuable asset, and their ideas and experiences matter. From our CEO to our agency force, we're committed to growing a diverse and inclusive culture that empowers innovation that will inspire, protect, and restore our customers' dreams in ways never imagined.
American Family Insurance is driven by our customers and employees. That's why we provide more than just a job - we provide opportunity.
Whether you're already part of our team in search of a new challenge or new to our company and ready for what's next, you're in the right place. Every dream is a journey that starts with a single step. Start your journey right here.
Join our team. Bring your dreams.
Job ID: R25708 Application Security Engineer - Open to Remote (Open)
Compensation may vary based on the job level and your geographic work location.
Responsible for driving secure software development and testing practices with the goal of protecting commercial, internal, external applications, and data.
Solid foundations in application development and understanding of how information security is used to identify potential risks in design, code, or in deployed applications.
Providing security guidance to development teams is required. Successful candidate will be curious, innovative, and an automation enthusiast to help drive implementation of DevSecOps in the full SDLC.
Collaboration and communication skills will be needed to deliver technical application security analysis, internal/external threat analysis, and security control gap analysis for technical and business stakeholders.
Candidate must be committed to and understand the importance of building security solutions that scale both technically and organizationally, and adapt to changing business requirements.
Develop, integrate, and test security controls within application development framework. Build strong relationships with peers across functions through collaborative engineering operations and initiatives.
Engages with developers to provide remediation support. Design and implement automated solutions to enable security needs. Designs and develops system-security measures to ensure adequate controls are fully integrated.
Validates current and future-state architectural models to assess impact across all security technology systems. Analyzes security access risk gaps and recommends mitigating and compensating security controls. Leads and participates in outage/SWAT meetings to mitigate security access issues.
Implements security best practices and standards across varied engineering teams and environments. Conducts code reviews with a combination of static testing, manual reviews, and dynamic analysis. Performs application design reviews of internal products and applications.
Assists in vulnerability assessments of internal products and applications. Participate in and conduct application threat modeling exercises in order to identify and drive risk decisions, and influence technical designs and architectures.
This position requires travel up to 10% of the time. Education & Licenses
Bachelor's degree in computer science, information assurance, MIS or related field, or equivalent work experience. Specialized Knowledge & Skills Requirements
Demonstrated experience providing customer-driven solutions, support or service. Solid knowledge and understanding of software engineering architectures, system/software designs, and system deployments. Solid knowledge and understanding of Cyber Security, Cyber Engineering, Computer Science, Software Engineering. Solid knowledge and understanding of security technologies and application development methodologies. Demonstrated experience performing cyber threat analysis and incident response. Working knowledge of penetration testing. Solid knowledge and understanding of directory services and identity stores.
Additional Job Information: Strongly Preferred Skills
Solid understanding of common web application technologies, languages, and frameworks. Experience coaching development teams and product owners on building security practices throughout the SDLC and managing and prioritizing risk in an Agile environment. Knowledge of common application vulnerabilities (e.g. OWASP Top 10) and remediation tactics/strategies. Experience working in numerous Cloud and CI/CD environments. Ability to educate software engineers on coding best practices and the latest attack vectors. Mobile app/dev/sec experience. Security+, SSCP, CCSP, CSSLP, CISSP a plus
o Offer to selected candidate will be made contingent on the results of applicable background checks
o Offer to selected candidate is contingent on signing a non-disclosure agreement for proprietary information, trade secrets, and inventions
This role is open to remote work.
When you work at American Family you can expect benefits that support your physical, emotional, and financial wellbeing. You will have access to comprehensive medical, dental, vision and wellbeing benefits that enable you to take care of your health.
We also offer a competitive 401(k) contribution, a pension plan, an annual incentive, and a paid-time off program. In addition, our student loan repayment program and paid-family leave are available to support our employees and their families. Interns and contingent workers are not eligible for American Family Enterprise benefits.
We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law.
Stay connected: Join Our Enterprise Talent Community !
Afmic American Family Mutual Insurance Company, S.I.