Application Security Analyst


Job Location:

London - UK

Monthly Salary: Not Disclosed
Posted on: 10 hours ago
Vacancies: 1 Vacancy

Job Summary

Job Title: Application Security Analyst

Reporting to: Application Security Lead

Direct Reports: None

Position Type: Full Time

Why Tokio Marine HCC

Standing still is not an option in the current world of Insurance. TMHCC is one of the world's leading Specialty Insurers. With deep expertise in our chosen lines of business, our unparalleled track record and a solid balance sheet, TMHCC evaluates and manages risk like no one else in the industry. Looking beyond profit, empowering our people and delivering on our commitments are at the core of our customer values, along with a desire to grow and provide creative and innovative solutions to our clients.

About Operations

Operations sits at the heart of TMHCC. We ensure the smooth running of all business processes, from policy administration and claims handling to data, technology and delivery. We focus on driving efficiency, which enables our teams across the business to deliver exceptional results every day. Our value statement: Ops makes it happen.

Operations is made up of 7 functions; this role sits within: IT

We are the foundation for TMHCC's success - enabling the business to grow, compete and innovate through technology, security and solution design. From shaping strategy to delivering resilient operations, we ensure every capability is aligned to business value. Our inclusive and collaborative culture empowers everyone to explore ideas, solve meaningful challenges and build fulfilling careers that make a real impact.

Job Purpose:

To support and enhance TMHCC's application security capability by embedding security controls into the software development lifecycle, working hands-on with engineering teams to identify, assess and remediate application security risks. Reporting to the Application Security Lead in the Business Information Security Office, you will provide support across all application security technologies and processes to monitor and respond to vulnerabilities detected across our application landscape.

Key Responsibilities:

  • Support the application security testing programme through the use of approved enterprise tools for SAST, SCA, DAST, API security and penetration tests.

  • Validate findings and perform manual security reviews across web, API and internal applications.

  • Triage, validate and prioritise vulnerabilities in collaboration with development and application teams, ensuring findings are risk-based and actionable.

  • Track remediation activities and support timely closure of vulnerabilities, including root-cause analysis to reduce recurring issues.

  • Support secure development by contributing to secure coding standards, guidelines and reusable security components or guardrails.

  • Operate application security tooling within CI/CD pipelines to enable DevSecOps practices.

  • Work closely with developers to provide guidance, improve secure coding practices and support delivery objectives.

  • Maintain application security metrics, dashboards and reports for technical teams and stakeholders, ensuring alignment with internal policies and governance requirements.

Performance Objectives:

  • Effectively operate application security tooling (e.g. SAST, SCA, DAST, API security) within existing SDLC and CI/CD processes, ensuring vulnerabilities are accurately triaged, prioritised and communicated to engineering teams.

  • Partner with development teams to analyse vulnerabilities, provide technically accurate remediation guidance and reduce the recurrence of common application security flaws.

  • Deliver application security metrics and reporting, maintaining dashboards and tracking remediation progress to support risk visibility, governance and stakeholder decision-making.

Skills and Experience Specification:

Essential:

  • Hands-on experience in Application Security, DevSecOps or a related security engineering role.

  • Practical experience operating and supporting application security tooling for SAST, SCA, DAST and API security within an enterprise environment.

  • Strong understanding of secure coding principles and common application vulnerabilities, including OWASP Top 10 and MITRE Top 25.

  • Experience triaging, validating and prioritising vulnerabilities, working with development teams to support effective remediation.

  • Ability to read and understand code in at least one modern programming language (e.g. C#, JavaScript, Python).

  • Familiarity with CI/CD pipelines and integrating security controls into development workflows (e.g. GitHub, Azure DevOps).

  • Understanding of authentication and authorisation concepts, including OAuth, OIDC, SSO and role-based access control.

  • Experience maintaining security metrics, dashboards or reports to support risk visibility and governance.

Desirable:

  • Experience supporting or contributing to DevSecOps automation, including scripting with Python, Bash or similar languages.

  • Knowledge of software supply chain security, including dependency management and artefact repositories (e.g. Artifactory).

  • Exposure to cloud-native and containerised environments, including AWS or Azure, Kubernetes and microservices architectures.

What We Offer

The Tokio Marine HCC Group of Companies offers a competitive salary and employee benefit package. We are a successful, dynamic organization experiencing rapid growth and are seeking energetic and confident individuals to join our team of professionals.

The Tokio Marine HCC Group of companies is an equal opportunity employer. Please visit for more information about our companies.



Required Experience:

IC


Key Skills

  • Databases
  • IT Experience
  • IIS
  • SQL
  • .NET
  • Microsoft SQL Server
  • Visio
  • Epic
  • Systems Analysis
  • Oracle
  • Cerner
  • Application Support

About Company

Specialty Group boasts a product suite that provides coverage for a myriad of needs within the sports, entertainment, travel, and hospitality industries. Our robust portfolio and global presence helps insureds take on incredible challenges without assuming incredible financial risks.
