
Application Security Analyst


12 days ago





About Insurity: 

Insurity is a leading property and casualty insurance software and data analytics provider, working with some of the world’s largest insurers, brokers, and MGAs, including 15 of the top 25 P&C carriers in the US. With 900+ team members globally, 6 office locations, and 300+ customers, we have a deep understanding of the insurance business, unparalleled technology expertise, and a singular focus on delivering a simplified insurance experience to our customers.

We are currently looking to fill the following position: 

Application Security Analyst 

Are you someone with a strong security background and who enjoys diving into process analysis, design and management? Do you analyze and solve problems analytically and critically while paying close attention to detail? Are you able to approach multiple tasks with a go-getter spirit? If any of these captures you, check out this great opportunity!

Insurity is looking to add an Application Security Analyst to our growing Enterprise Security team. You will be tasked with driving secure code initiatives, overseeing the secure SDLC on various products, revealing security weaknesses, and architecting solutions to minimize risk and improve security. You will be a guide and mentor to development teams, educating developers and development support on secure best practices. In addition, you will provide oversight on the design and architecture of new and old software modules and on secure code review processes, maintaining our secure coding standard. This role reports to the Office of the CISO (Chief Information Security Officer).

What you’ll be doing: 

  • Explain application vulnerabilities and coach developers on appropriate remediation
  • Adhere to the “Security by Design” paradigm
  • Embed security into the day to day activities of our development and DevOps teams
  • Provide input into the application security policies and standards taking the risk appetite of the organization into account
  • Develop and update security patterns aligned with security requirements
  • Stay up-to-date on attack intelligence by collaborating internally with our Enterprise Security Team and externally with others via virtual training, monitoring attacker forums, reading relevant publications and vendor blogs
  • Other duties as assigned

A breakdown: 

Interacting with R&D teams (40%)

  • Secure SDLC Implementation
  • Threat modelling
  • Secure architecture
  • Share knowledge of secure design and coding practices
  • Share knowledge of secure testing

Red Teaming (40%)

  • Automated DAST scanning
  • Manual exploitation
  • Risk identification

Patch Management/Vulnerability Management (15%)

  • Automated scanning (DAST, SCA, IAST)
  • Implement/Architect security gates

Interacting with Customers (5%)

  • Review submitted vulnerabilities for risk
  • Advise customers on risk and remediation timeline

What you’ll need: 

  • 2+ years of software development and/or application security experience including development and scripting (PHP, Java, .NET, Python, C#, PowerShell)
  • Experience working on cloud and/or SaaS applications in an Agile environment
  • Expertise in secure coding practices like OWASP Top 10 / Top 25 vulnerabilities
  • Clear understanding of cryptography and security protocols
  • Familiar with SDLC methodologies such as SCRUM, Agile, DevOps
  • Familiar with Secure SDLC methodologies such as CLASP, Microsoft Security Development Lifecycle (SDL)
  • Familiar with defect management systems such as Team Foundation Server or Jira.
  • Familiar with deployment systems such as Jenkins, Ansible, Docker, etc.
  • Knowledge and understanding of information risk concepts and principles as a means of relating business needs to security controls.
  • Knowledge of DAST Scanners and familiar with using Burp Suite.
  • Excellent written and oral English communication skills and interpersonal skills
  • Strong time management skills including work planning, prioritization, and organization while being flexible and adaptable
  • Ability to collaborate and work autonomously
  • Ability to accurately present information to colleagues and stakeholders
  • Willingness to travel to other office locations up to 5%*

Nice to have:

  • Bachelor’s degree in related field
  • Red team or Penetration testing experience a plus
  • Recognized security certification (CISSP, CSSLP, CSSP, C|EH, CISA, CISM, OSCP, etc.) an asset

Our Benefits:

  • Collaborative Culture
  • Flexible Hours
  • Growth Opportunities
  • Day 1 Health Insurance Coverage
  • Open PTO

Location: This position will be Remote (US or Montréal, CA). 

*Travel: For any role that involves travel, travel is not expected to resume until further notice due to COVID-19.

Does Insurity sound like the right place for you?  Send us your application and a cover letter highlighting what sets you apart from the nice-to-haves and makes you a must-have for our team!

Thank you for your interest in Insurity; only those candidates selected will be contacted.

Insurity is proud to be an Equal Opportunity Employer 
