Application Security Engineer (Remote)

$110,000 - $140,000 / year

Vertafore is a leading technology company whose innovative software solution are advancing the insurance industry. Our suite of products provides solutions to our customers that help them better manage their business, boost their productivity and efficiencies, and lower costs while strengthening relationships.

Our mission is to move InsurTech forward by putting people at the heart of the industry. We are leading the way with product innovation, technology partnerships, and focusing on customer success.

Our fast-paced and collaborative environment inspires us to create, think, and challenge each other in ways that make our solutions and our teams better.

We are headquartered in Denver, Colorado, with offices across the U.S., Canada, and India.

The Application Security Engineer at Vertafore is responsible for validating that application products and services are designed and implemented with high security standards. The role analyzes the security of applications in tandem with their underlying services, including connected dependencies such as middle-tier systems and databases. Additionally, this role evaluates development practices identifying potential for vulnerabilities before they are introduced. As issues are uncovered, the senior application security engineer communicates with the appropriate technical and leadership teams to ensure a focus on risk mitigation. The Application Security Engineer is constantly applying strategic thinking and new methodologies to assess key applications and processes for weaknesses and finding resolutions before they can be abused. The Application Security Engineer has the security and application expertise needed to contribute directly to vulnerability remediation.

This position is also responsible for assessing the security of applications for business-to-business initiatives, third-party relationships, outsourced solutions and vendors. Considered a knowledgeable individual, the Application Security Engineer is expected to identify and contribute to programmatic controls, monitor and manage secure development practices to address modern day issues, and act as subject-matter experts on multiple types of vulnerabilities and attacks. Application Security Engineer think like attackers, but always acts with integrity and do not abuse their privilege.

Responsibilities

Information Security and Integrity

• Perform full testing and scanning of Vertafore's products to uncover real or potential security issues or concerns in our products, including code quality.
• Document security findings with reasonable reproduction steps and methodologies for remediation.
• Focus on automation to aid in efficiencies with both testing and remediation of findings.
• Develop, share, and maintain tools and scripts used in the testing and evaluation of Vertafore's products and services.
• Work with teammates to learn and regularly share skills and foster team excellence.
• Work in tandem with developers to provide repetitive validation testing prior to production, while allowing for a continuous cycle of development followed by application security assessments.
• Monitor the security community for public-facing security issues and evaluate impact.
• Attend and participate in application project and product stakeholder meetings. This includes interacting with business units and technical teams to understand what is coming and how their projects can be more secure from the beginning.
• Improve and follow security review processes to ensure an automated and repeatable process is managed. This can be through the use of dynamic and static code analysis resources.
• Use security standards and implementation configurations, as well as common security frameworks.
• Document delivery and implementation improvements to meet and improve service-level agreements.
• Participate in security team meetings that facilitate secure design.
• Engage in information security projects that evaluate existing security infrastructure and propose changes to align with requirements from security leadership and architects. Additionally, deliver projects on time, within budget, and in accordance with SLAs.
• (SLAs) and business metrics.
• Align with architects and development teams for a mission of secure design.
• Train developers and junior application security engineers on weaknesses to avoid.
• Identify and develop practices to support application security in a highly compliant and regulated environment - ISO 27001/27002, Personally Identifiable Information Protection, Health Insurance Portability and Accountability Act of 1996 (HIPAA), etc.
• Work in tandem with architects, other security engineers, and development team members.
• Develop security test plans from architectural design. Identify deficiencies and make enhancements to ensure production is not impacted.
• Identify and drive security efficiencies
• Provide technical guidance to new hires and interns as needed.
• Participate and contribute to threat modeling exercises, may lead as needed/able.

Knowledge, Skills and Abilities:

Desired framework skills we are seeking:

1. Angular JS

2. Apache Struts 1 and 2

3. ASP.NET

4. Bootstrap

5. CakePHP

6. Catalyst

7. CppCMS

8. Django

9. Flask

10. Grok

11. Google Web Toolkit

12. Java

13. JBoss Seam

14. JQuery

15. MODX

16. Ruby on Rails

17. WebGUI

Requirements

• Bachelor's degree or equivalent experience required
• 2+ years relevant experience required, 3+ preferred

THE VERTAFORE STORY

Over the past 50 years, Vertafore has advanced the entire insurance distribution channel with the best software solutions in the industry. Today, we're proud to say hundreds of thousands of Vertafore users rely on our solutions to write business faster, reduce costs, and fuel growth by increasing collaboration and streamlining processes. Vertafore leads the industry with secure, cloud-based mobile products that provide superior reporting and analytics, delivering actionable insight- right when customers need it most. We partner with other leading technology companies to deliver comprehensive solutions to improve the way our customers do business and serve their customers.

The Vertafore Way

Insurance is about relationships, and technology should make those relationships stronger. That's why, at Vertafore, it's our mission to transform the way the industry operates by putting people at the heart of insurance technology. By focusing on our customers, becoming better every day, and delivering results you can see, we provide the level of trust and security that insurance is all about.

· Bias to Action: We're united by an innate drive to take action and make a difference in the technology and insurance spaces.

· Win Together: We work together as one team, showing empathy and respect along the way.

· Show Up Curious: We work to challenge one another to push boundaries and think beyond the box.

· Say It, Do It: We honor every one of our commitments because integrity is important to us.

· Customer Success is Our Success: We cultivate authentic relationships and follow up by actively listening to their needs.

· We Love Insurance: We appreciate the impact insurance has on the world.

Is this role not an exact fit for you? Keep an eye on our Careers Page for other positions!

Vertafore is a drug free workplace and conducts preemployment drug and background screenings.

The selected candidate must be legally authorized to work in the United States.

The above statements are intended to describe the general nature and level of work being performed by people assigned to this job. They are not intended to be an exhaustive list of all the job responsibilities, duties, skill, or working conditions. In addition, this document does not create an employment contract, implied or otherwise, other than an "at will" relationship.

Vertafore strongly supports equal employment opportunity for all applicants regardless of race, color, religion, sex, gender identity, pregnancy, national origin, ancestry, citizenship, age, marital status, physical disability, mental disability, medical condition, sexual orientation, genetic information, or any other characteristic protected by state or federal law.

We do not accept resumes from agencies, headhunters, or other suppliers who have not signed a formal agreement with us.