Senior Application Security Engineer (FULLY REMOTE)
The Hanover Insurance Group
For more than 170 years, The Hanover has been committed to delivering on our promises and being there when it matters the most. We live our values every day, demonstrating we CARE through our values, ESG initiatives and IDE journey.
Our Information Security Engineering team is seeking a Senior Application Security Engineer to join the growing Hanover organization as a fully remote employee.
The Senior Application Security Engineer will be responsible for working with development and DevOps teams to deliver application security standards and solutions that help development and engineering teams evolve towards a DevSecOps model while driving adoption of secure software development practices across the enterprise.
A candidate with a background in software development and a strong understanding of software development lifecycle and DevSecOps is preferred but other relevant skill sets will be considered.
The ideal candidate is a good communicator, persuasive, analytical, understands risk and is knowledgeable in application development and application security.
IN THIS ROLE, YOU WILL:
- Develop and update application security standards, secure coding principles, and threat modeling processes.
- Provide application security support to development teams, including reviewing and explaining application security tools and processes and providing vulnerability explanations and remediation guidance
- Integrate application security testing and controls into different phases of teams’ development lifecycles.
- Coordinate application security program metrics and reporting
- Support ongoing management of application security vulnerabilities through a centralized vulnerability tracking system and defect tracking system
- Assist with training and mentoring of security champions
- Partner with third party vendors to deliver software security tools and services
- Provide expert consultation on application security requirements and best practices in relation to vulnerability scanning and secure application design
- Partner closely on security operations tasks with cross-functional teammates in IT, DevOps, Engineering, and Test.
- Engage with product owners, project managers and developers to conduct security reviews, identify risks and conform to organizational remediation/mitigation timelines.
WHAT YOU NEED TO APPLY:
- A Bachelor's degree in Computer Science or technology/information security-related field.
- 5+ years of combined hands-on experience in software development and/or application engineering
- Experience working with various development technologies including programming languages/frameworks supporting both backend and frontend development, source control management systems, and CI/CD tooling
- Experience with Application Security tools such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST) and Software Composition Analysis (SCA), as well as penetration testing and threat modeling.
- Functional understanding of tooling integrations that support agile, CI/CD, and DevSecOps methodologies
- Strong knowledge of software security risks and threats (such as OWASP top 10)
- Strong knowledge of vulnerability management processes and tools
- Strong knowledge of secure software development life cycle.
- Experience with threat modeling, software composition analysis, and vulnerability disclosure programs
- Strong understanding of development methodologies, particularly Agile and DevOps.
- Strong knowledge of cloud technologies and how to secure applications in the cloud
- Able to explain impact of vulnerabilities and mitigating strategies to application development teams as well as work with the SOC on discovery and remediation.
- Able to work independently with minimal guidance and act as coach to other team members as necessary.
- Experience leading through influence
- Communication experience, interpersonal experience, and experience working cross-functionally with various teams.
- Certification in cloud security and CISSP is preferred.
It’s not just a job, it’s a career, and we are here to support you every step of the way. We want you to be successful and fulfilled. Through on-the-job experiences, personalized coaching and our robust learning and development programs, we encourage you – at every level – to grow and develop.
We offer comprehensive benefits to help you be healthy, build financial security, and balance work and home life. At The Hanover, you’ll enjoy what you do and have the support you need to succeed.
- Medical, dental, vision, life, and disability insurance
- 401K with a company match
- Tuition reimbursement
- Company paid holidays
- Flexible work arrangements
- Cultural Awareness Day in support of IDE
- On-site medical/wellness center (Worcester only)
The Hanover values diversity in the workplace and among our customers. The company provides equal opportunity for employment and promotion to all qualified employees and applicants on the basis of experience, training, education, and ability to do the available work without regard to race, religion, color, age, sex/gender, sexual orientation, national origin, gender identity, disability, marital status, veteran status, genetic information, ancestry or any other status protected by law.
Furthermore, The Hanover Insurance Group is committed to providing an equal opportunity workplace that is free of discrimination and harassment based on national origin, race, color, religion, gender, ancestry, age, sexual orientation, gender identity, disability, marital status, veteran status, genetic information or any other status protected by law.
As an equal opportunity employer, Hanover does not discriminate against qualified individuals with disabilities. Individuals with disabilities who wish to request a reasonable accommodation to participate in the job application or interview process, or to perform essential job functions, should contact us at: HRServices@hanover.com and include the link of the job posting in which you are interested.
Applicants who are California residents: To see the types of information we may collect from applicants and employees and how we use it, please click here.
- Job Function: Information Technology
- Pay Type: Salary
- Required Education: Bachelor’s Degree