Senior Application Security Engineer

Amerisure creates exceptional value for its partners policyholders and employees. As a property and casualty insurance company Amerisures promise to our partner agencies and policyholders begins with a comprehensive line of insurance products designed to protect businesses as well as the health and safety of every employee. With an A.M. Best A (Excellent) rating Amerisure serves mid-sized commercial enterprises focused in construction manufacturing and healthcare. Ranked as one of the top 100 Property & Casualty companies in the United States we proudly manage nearly $1 Billion of Direct Written Premium and maintain $1.21 billion in surplus.

Amerisure is hiring!! This role would prefer someone onsite hybrid in our Farmington Hills office but can sit remotely for the right candidate. Were looking for a Senior Application Security Engineer who can take ownership of security initiatives shape our strategy and partner closely with engineering teams to safeguard our applications from the ground up. The ideal candidate will possess the following skill set.

Summary Statement

The Senior IT Security Engineer designs implements and maintains security controls to protect the organizations systems and data. This role leads security monitoring vulnerability management and incident response efforts while embedding security throughout the SDLC and integrating testing capabilities into CI/CD pipelines. The engineer supports secure development practices and conducts application and API penetration testing. Working closely with development QA DevOps and architecture teams this role strengthens the security posture of missioncritical SaaS and hybrid cloud applications. The Senior Engineer also advises leadership on security strategies emerging technologies and alignment with business goals ensuring innovative compliant and effective security solutions.

Essential Tasks/Major Duties

• Configure implement and maintain security systems with a hands-on approach to ensure the integrity availability and resilience of the organizations IT infrastructure applications and data.
• Serve as a subject matter expert for application API and integration security across the enterprise. Establish and embed secure development requirements best practices patterns and guardrails (Left Shift) across platforms technology stacks and development teams to enhance the overall application and API security posture.
• Define design implement and continuously improve application security processes tools and metrics. Integrate and optimize SAST SCA IAST DAST and secrets detection tools within CI/CD pipelines and monitor track and report application and API security metrics to leadership.
• Conduct comprehensive application and API security reviews vulnerability assessments and penetration testing actively configuring and fine-tuning security tools to identify and remediate gaps.
• Collaborate with cross-functional teams to enforce security best practices and ensure compliance with relevant standards and frameworks (e.g. NIST CSF NY DFS MI DIFS OWASP HIPAA/HTRUST) configuring security solutions to meet evolving business and regulatory requirements.
• Lead incident response and digital forensics investigations providing technical expertise to analyze cyber events and implement effective remediation actions that minimize operational impact.
• Mentor and guide security team members sharing knowledge and expertise in application and API security threat analysis vulnerability management cloud security and cryptography while fostering a collaborative learning-driven team culture.

Knowledge Skills & Abilities

• Bachelors degree or equivalent combination of education and experience.
• 7 years of experience in Application and API Security within a DevSecOps environment.
• Required certifications include at least one CISSP CSSLP CCSP GSEC CEH CISM or CRISC in addition to platform-specific certifications (AWS Microsoft Cisco etc.) or domain specific certifications (OSWE OSCP GWAPT or GWEB).
• Experience in Property & Casualty insurance or other regulated industries preferred.
• Proven experience securing SaaS and custom applications in complex multi-cloud environments applying security best practices and compliance frameworks.
• Expert knowledge of secure SDLC principles application and API security container security and secure coding practices. Deep familiarity with OWASP Top 10 OWASP API Security Top 10 and CWE in DevOps environments using TeamCity Azure Pipelines GitHub Actions and Bitbucket Pipelines.
• Extensive experience automating security scans and integrating SAST SCA IAST DAST and secrets detection tools into CI/CD pipelines.
• Proficiency in managing application security tools including SonarQube Black Duck Synopsys Seeker Snyk and Wiz Code.
• Strong understanding of modern authentication and authorization protocols including OAuth2 OIDC JWT and mTLS.
• Knowledge of cryptographic protocols and standards such as SSL/TLS SSH PKI and emerging quantum-resistant encryption techniques.
• Solid understanding of security standards and frameworks including NIST CSF NY DFS MI DIFS HIPAA/HITECH MITRE ATT&CK and domain-specific regulatory requirements.
• In-depth knowledge of common attack vectors and tactics with a focus on proactive defense and risk mitigation.
• Proficient in vulnerability assessment and penetration testing tools capable of identifying analyzing and remediating vulnerabilities across applications and systems.
• Familiarity with enterprise platforms such as Guidewire Salesforce Databricks and SnapLogic is preferred.
• Skilled in leading team initiatives using project management and Agile methodologies.
• Excellent communication skills to clearly articulate security risks policies and remediation strategies to both technical and non-technical stakeholders.

#LI-Remote

Just as we are committed to creating exceptional value for our Partners For Success agencies and policyholders Amerisure also remains committed to being an employer of choice. We reinforce this commitment by adhering to an Employee Value Proposition that in part is provided through a competitive total rewards package. This package includes competitive base pay performance-based incentive pay comprehensive health and welfare benefits a 401(k) savings plan with profit sharing and generous paid time off programs. We also offer flexible work arrangements to promote work-life balance. Recognized as one of the Best and Brightest Companies to Work For in the Nation and one of Business Insurance magazines Best Places to Work in Insurance we provide a workplace that fosters excellence and professional growth. If you are looking for a collaborative and rewarding career Amerisure is looking for you.

Amerisure Mutual Insurance Company is an Equal Employment Opportunity employer. Amerisure provides equal employment opportunities to all employees and applicants without regard to race color religion sex (to include sexual orientation and gender identity) national origin age disability genetic information veteran status or any other protected characteristic under applicable federal state or local laws. Amerisure complies with all applicable laws governing nondiscrimination in employment in all locations where the company operates. This policy applies to all terms and conditions of employment including recruiting hiring placement promotion termination layoff recall transfer leaves of absence compensation and training. Amerisure prohibits harassment or discrimination of any kind and is committed to maintaining a workplace free from unlawful harassment or discrimination. Amerisure prohibits retaliation against anyone who reports discrimination participates in an investigation or opposes unlawful practices. Any improper interference with an employees ability to perform their job duties may result in disciplinary action up to and including termination.