Application Security Engineer

Quanata
Summary
Join Quanata's Product Security team as an Application Security Engineer and play a pivotal role in ensuring the security and integrity of our applications and services. You will collaborate with development and product teams, participate in secure code reviews, implement security best practices, and respond to identified vulnerabilities. This role requires strong communication skills, collaboration abilities, and experience in application security engineering. The ideal candidate will have a background in information security, familiarity with cloud-based hosting providers, and knowledge of OWASP standards. Quanata offers a competitive salary, comprehensive benefits, and opportunities for professional development. We are a remote-first company, providing flexibility and work-from-home options.
Requirements
- Bachelor's degree or equivalent relevant experience, and 3 - 5 years of experience in information security, with at least 2 years of experience in application security engineering
- Experience in working with software development teams to integrate security into complex application ecosystems
- Familiarity with security-by-design principles and a solid understanding of application security frameworks and standards
- Familiarity with cloud-based hosting providers like AWS, Google Cloud or Microsoft Azure
- Knowledge of OWASP and relevant standards like the Top 10, ASVS and MASVS
- Proficiency in at least one programming language and relevant security tools
- Familiarity with threat modeling paradigms such as STRIDE or STRIPED
- Strong communication skills, with the ability to collaborate effectively with development teams and other stakeholders
- Ability to work in a fast-paced environment, managing multiple tasks and priorities
Responsibilities
- Collaborate with development and product teams to integrate security solutions into business-critical applications
- Assist in creating and refining product security threat models, focusing on security measures tailored to the unique challenges of the insurance sector
- Participate in secure code reviews and product security testing to identify vulnerabilities
- Implement application security best practices throughout the software development lifecycle
- Respond to vulnerabilities identified through internal security testing, prioritizing according to business impact
- Support initiatives to enhance security awareness and practices within the application development teams
- Work closely with compliance teams to ensure that applications adhere to industry-specific regulations and standards
- Document security procedures, best practices, and team initiatives using repeatable patterns
Preferred Qualifications
- Certifications in security architecture or application security (e.g., CSSLP, GWEB, OSWE)
- Familiarity with the insurance industry or a similarly regulated sector and its impact on application security
- Experience with cloud-based security solutions and familiarity with cloud service providers, particularly in relation to application security
- Experience with mobile application development, quality assurance testing, and penetration testing
- Experience with artificial intelligence and prompt engineering
- Hands-on experience with threat modeling, risk assessment, and vulnerability management
- Proficiency in scripting security tasks
- Regular attendance at regional and national industry conferences such as DEF CON, BSides, RSA, or BlackHat
- Regular contributions to the professional community through presentations, training, mentoring, publications or social media
Benefits
- Medical, dental, vision, life insurance and supplemental income plans for you and your dependents
- A Headspace app subscription
- Monthly wellness allowance
- A 401(k) Plan with a company match
- A one-time payment of $2K will be provided to cover the purchase of in-home office equipment and furniture at your discretion
- MacBook Pros, which we will deliver to you fully provisioned prior to your first day
- All employees accrue four weeks of PTO in their first year of employment
- New parents receive twelve weeks of fully paid parental leave which may be taken within one year after the birth and/or adoption of a child
- The twelve weeks are applicable to both birthing and non-birthing parents
- All employees receive up to $5000 each year for professional learning, continuing education and career development
- All team members also receive LinkedIn Learning subscriptions and access to multiple different coaching opportunities through BetterUp


