Summary

The Application Security Engineer plays a crucial role in securing our growing portfolio of applications. This role will focus on integrating security best practices into the Software Development Lifecycle (SDLC), ensuring compliance with regulatory requirements, proactively mitigating threats, and collaborating closely with developers to enhance the overall security posture of our applications.

As a subject matter expert in application security, the Application Security Engineer will lead the charge in finding and implementing innovative security solutions while ensuring the organization remains resilient against evolving threats. This individual will work closely with development and IT teams to embed security into application architecture, offer technical guidance to junior team members, and drive the implementation of security initiatives essential for meeting business and compliance needs.

Responsibilities

• Work with development teams to integrate security best practices throughout the application lifecycle, from design to deployment
• Find security threats and vulnerabilities in applications and recommend risk mitigation strategies
• Conduct static and dynamic application security testing (SAST/DAST), code reviews, and penetration testing
• Implement and manage security tools, including SAST, DAST, Software Composition Analysis (SCA), and other security scanning solutions
• Provide security awareness training and guidance to development teams on secure coding practices
• Ensure application security practices align with regulatory standards such as NYDFS, NIST, and OWASP guidelines
• Support incident response efforts related to application security vulnerabilities and exploits
• Partner with DevOps, IT, and security teams to ensure a security-first approach in CI/CD pipelines
• Design and oversee the implementation of authentication, authorization, and access control mechanisms for APIs and platforms

• 5+ years of experience in application security, secure software development, and vulnerability management
• Strong knowledge of secure coding practices, OWASP Top 10, and common security vulnerabilities
• Experience with containerization technologies such as Docker and Kubernetes, the principles of container operation, and their secure interaction
• Experience with security testing tools (e.g., Burp Suite, Fortify, Veracode, or similar)
• Familiarity with DevSecOps principles and integrating security into CI/CD pipelines
• Direct experience with security tools such as vulnerability scanners, intrusion detection systems, and log analysis tools
• Understanding of regulatory frameworks and compliance requirements (e.g., NYDFS, GDPR, SOC 2)
• Ability in scripting and automation using languages such as Python, PowerShell, or Bash
• Relevant certifications such as Certified DevSecOps Engineer, CISSP, OWASP certifications, GIAC GWAPT

The H.W. Kaufman Group is a global, forward-thinking specialty insurance organization that includes 15 companies with more than 2,000 professionals at 60 offices across the U.S., Canada and UK. With an ever-broadening group of companies in our portfolio, there is simply not a more unique professional experience in the specialty insurance business than joining one of the H.W. Kaufman Group organizations.

Equal Opportunity Employer 

The H.W. Kaufman Group of companies is an equal opportunity employer. All employment decisions are based on business needs, job requirements and individual qualifications, without regard to race, color, religion, gender, gender identity, age, national origin, disability, veteran status, marital status, sexual orientation, genetic information or any other status or condition protected by the laws or regulations in the locations where we operate.