Application Security Engineer

The Application Security (AppSec) Engineer is a technical expert in technical analysis and design of Application Security systems. You will ensure applications in the AP environment are secure and implemented with best security practices. You will provide technical guidance to business teams and organizations as needed in building, remediating, or integrating applications in our environment. Your primary focus will be identifying and mitigating potential security risks to ensure the integrity and confidentiality of our systems and data.

The Ideal Candidate

• You are adept at managing complex competing priorities across business and regulatory frameworks.
• You have experience building automated processes for AppSec.
• You have a need to collaborate when helping people process through security best practices.
• You have a deep understanding of Application Security and an ability to prioritize.

If this sounds like you, we invite you to keep reading and apply!

• Perform thorough penetration testing and vulnerability assessments on various applications, services, and vendors to identify potential security weaknesses and vulnerabilities.
• Conduct source code reviews to identify and analyze vulnerabilities and flaws in applications, services, and vendor-provided software.
• Perform threat modelling and threat assessment on various applications, services, and vendors to identify potential security weaknesses.
• Develop and execute comprehensive test plans, exploit known vulnerabilities, and employ various testing methodologies to simulate real-world attack scenarios.
• Collaborate with cross-functional teams, including developers and system administrators, to provide recommendations and guidance on remediation strategies for identified vulnerabilities.
• Manage and coordinate vendor security reviews, ensuring that all necessary security assessments are conducted and documented.
• Evaluate and triage bug bounty findings, working closely with the development team to provide clear and actionable recommendations for addressing the identified security issues.
• Stay up to date with the latest security vulnerabilities, threats, and industry best practices, and contribute to the development and improvement of security testing methodologies and processes.
• Maintain accurate and detailed documentation of security assessment activities, findings, and remediation efforts.
• Travel as needed, up to 15%.

To help you make the best decision for your personal growth, it’s important to us to share a glimpse of what we offer our top asset, our people: 

• Competitive base salary 
• Generous 30+ Days Comprehensive Paid Time Off Package inclusive of Paid Time Off, 10 Company Holidays, 2 Floating Holidays, 5 Sick Days, and 2 Volunteer Days
• Health benefit options with you in mind; 5 affordable medical plan options with rates based on your salary, company paid HSA contribution with eligible HSA plan selection, 2 dental plan options offering orthodontia coverage and 3 cleanings per year, and 2 vision plan options 
• Company match 401(k) plan – 50% up to 6%! 
• Support of your fitness wellness goals! We offer up to 75% off at over 11,000 gyms and fitness centers 
• Opportunity to prioritize your mental health with 24/7 access to licensed therapists 
• Pet benefits & discounts 
• Access to our Employee-led Resource Groups (ERGs) that lend a voice to the variety of demographics represented throughout AssuredPartners 

• 3-5 years’ experience as an Application Security Engineer with knowledge of web Application Security, SDLC, secure coding and automation enablement.
• Understanding of common vulnerabilities such and SQL injection and x-site scripting.
• Knowledge and experience with testing and assessment tools (e.g. Burp Suite, OWASP ZAP, Nessus, Nmap) and their application in vulnerability identification an mitigation.
• Familiarity with security standards and frameworks (OWSP, NIST, PCI DSS, ISO 27001, SOC 1 and 2) and their practical application in securing applications.
• Scripting/coding skills in one or more languages such as Python, Ruby or Golang.

AssuredPartners is committed to embracing diversity, equity and inclusion to create a workplace that welcomes and thrives on the unique experiences, perspectives and contributions of all team members. AssuredPartners is bringing the best people and most diverse talent forward to drive growth, innovate and think bigger!