Job Description
Job Type Full-time Description Who are we? Western National Insurance Group is a private mutual insurance company with over 120 years of experience serving customers' property-and-casualty insurance needs in the Midwestern, Northwestern, and Southwestern United States. Known as “The Relationship Company®,” we define success as a measure of the relationships we’ve built over time. In everything that we do, we know that delivering a friendly and helpful interaction makes for a better experience for everyone involved. That’s the power of “nice”. At Western National, nice is something we work to bring to every person and organization with whom we partner and serve. Does this opportunity interest you? Western National is seeking an Application Security Engineer to join our cybersecurity team! The individual in this role will have the opportunity to build an application security program from the ground up. The individual in this role will be responsible for developing and implementing an enterprisewide application security program by conducting security assessments, implementing security best practices, and developing security tools and solutions. This individual will also collaborate with developers, QA engineers, and other stakeholders to ensure that their applications meet the highest security standards. What are the responsibilities and opportunities of this role? Establishes, launches, and matures the Application Security Program within the development community. Performs security testing and code reviews of web applications and APIs to identify and remediate vulnerabilities and risks. Provides recommendations and develops, implements, and maintains security policies, guidelines, and procedures. Delivers security guidance and training to developers and QA engineers to promote secure coding practices. Researches and evaluates emerging security technologies and tools to enhance application security capabilities. Monitors and responds to security incidents and alerts, ensuring timely resolution and mitigation. Collaborates with development teams to integrate security practices into the software development lifecycle (SDLC). Serves as a subject matter expert on application security best practices and industry standards. Leads and coordinates complex tasks across IT, engineering, and security teams. Defines requirements and identifies tools to improve application security capabilities and effectiveness. Develops and contributes to operational and executive reporting on application security metrics and performance. Makes informed decisions in coordination with management on matters impacting the organization. Participates in strategy development and contributes to the evolution of application security practices. Applies analytical thinking and problem-solving skills to assess risks, prioritize issues, and implement effective solutions. Drives continuous improvement initiatives and supports the implementation of security enhancements. Consistently acts according to our customer experience standards, including responding quickly, maintaining a positive attitude, building rapport, demonstrating empathy, managing expectations, using appropriate communication channels, and taking ownership to resolve issues. Participates in a rotational on-call schedule. Performs special projects and other duties as assigned. Requirements What are the must-have qualifications for a candidate? Three or more years of experience in application security with strong knowledge of web and API security concepts and best practices. 10 or more years of experience in information technology. Ability to build an application security program from the ground up. Proficient in at least one programming language, ideally Java, but Python, C#, etc., are also acceptable. Experience with security testing (e.g., SAST, SCA, and DAST) tools and frameworks (e.g., OWASP ZAP, Burp Suite). Experience with CI / CD pipelines, DevOps, and automation tools. Familiarity with GitHub repositories. Previous experience with SDLC development and hands-on programming within a "modern" CI / CD pipeline. Ability to mentor and train team members, particularly in environments with limited application security expertise. Demonstrated understanding of the information security landscape and a broad range of security technologies. Proven ability to communicate clearly and effectively, both verbally and in writing, to technical and nontechnical audiences. Proficient use of various core systems, office and computer equipment, and software packages.