Application Security Engineer

Who are we

Western National Insurance Group is a private mutual insurance company with over 120 years of experience serving customers property-and-casualty insurance needs in the Midwestern Northwestern and Southwestern United States. Known as The Relationship Company we define success as a measure of the relationships weve built over everything that we do we know that delivering a friendly and helpful interaction makes for a better experience for everyone involved. Thats the power of nice. At Western National nice is something we work to bring to every person and organization with whom we partner and serve.

Does this opportunity interest you

Western National is seeking an Application Security Engineer to join our cybersecurity team!

The individual in this role will have the opportunity to build an application security program from the ground up. The individual in this role will be responsible for developing and implementing an enterprisewide application security program by conducting security assessments implementing security best practices and developing security tools and solutions. This individual will also collaborate with developers QA engineers and other stakeholders to ensure that their applications meet the highest security standards.

What are the responsibilities and opportunities of this role

• Establishes launches and matures the Application Security Program within the development community.
• Performs security testing and code reviews of web applications and APIs to identify and remediate vulnerabilities and risks.
• Provides recommendations and develops implements and maintains security policies guidelines and procedures.
• Delivers security guidance and training to developers and QA engineers to promote secure coding practices.
• Researches and evaluates emerging security technologies and tools to enhance application security capabilities.
• Monitors and responds to security incidents and alerts ensuring timely resolution and mitigation.
• Collaborates with development teams to integrate security practices into the software development lifecycle (SDLC).
• Serves as a subject matter expert on application security best practices and industry standards.
• Leads and coordinates complex tasks across IT engineering and security teams.
• Defines requirements and identifies tools to improve application security capabilities and effectiveness.
• Develops and contributes to operational and executive reporting on application security metrics and performance.
• Makes informed decisions in coordination with management on matters impacting the organization.
• Participates in strategy development and contributes to the evolution of application security practices.
• Applies analytical thinking and problem-solving skills to assess risks prioritize issues and implement effective solutions.
• Drives continuous improvement initiatives and supports the implementation of security enhancements.
• Consistently acts according to our customer experience standards including responding quickly maintaining a positive attitude building rapport demonstrating empathy managing expectations using appropriate communication channels and taking ownership to resolve issues.
• Participates in a rotational on-call schedule.
• Performs special projects and other duties as assigned.

What are the must-have qualifications for a candidate

• Three or more years of experience in application security with strong knowledge of web and API security concepts and best practices.
• 10 or more years of experience in information technology.
• Ability to build an application security program from the ground up.
• Proficient in at least one programming language ideally Java but Python C# etc. are also acceptable.
• Experience with security testing (e.g. SAST SCA and DAST) tools and frameworks (e.g. OWASP ZAP Burp Suite).
• Experience with CI / CD pipelines DevOps and automation tools.
• Familiarity with GitHub repositories.
• Previous experience with SDLC development and hands-on programming within a modern CI / CD pipeline.
• Ability to mentor and train team members particularly in environments with limited application security expertise.
• Demonstrated understanding of the information security landscape and a broad range of security technologies.
• Proven ability to communicate clearly and effectively both verbally and in writing to technical and nontechnical audiences.
• Proficient use of various core systems office and computer equipment and software packages.
• Bachelors degree in information security or related discipline; experience in lieu of degree acceptable.

What will our ideal candidate have

• Demonstrated project management skills.
• Proven ability to develop and maintain concise and accurate plans documentation run books and reports.
• Proven ability to prioritize and meet deadlines.
• High degree of discretion / confidentiality solid problem-solving skills and close attention to detail.

Compensation overview

The targeted hiring range for this role is $125800 $179850 annually. However the base pay offered may vary depending on the job-related knowledge skills credentials and experience of each candidate as well as other factors such as the scope and location of the role. Candidates looking for compensation outside of the posted range are encouraged to apply and will be considered based on their individual qualifications and / or may be considered for other positions.

Culture and Total Rewards

Western National has long been known as The Relationship Company and caring for our employees is part of that relationship commitment. We value connectiveness empowerment and accountability and we believe that our employees are our biggest asset.

Currently ranked as the 41st largest private company by revenue in Minnesota (Minneapolis/St. Paul Business Journal) Western National has earned accolades year-over-year as an employer of choice and garnered multiple awards for wellness in the workplace. Western National has also been named a Top Workplace by the Star Tribune for consecutive addition the Group is consistently recognized as a Wards 50 property-and-casualty insurance company for its outstanding financial results.

Western National offers full-time employees a significant Total Rewards Package including:

• Medical insurance plan options and other standard employee benefits including dental insurance vision benefits life insurance disability insurance and more!
• Health Savings Accounts (HSA) and Flexible Spending Accounts (FSA)
• 401(k) Plan (participants are eligible for 100% matching on the first 6% of their contributions)
• Wellbeing Program including onsite fitness studio
• Paid Time Off including holiday vacation and volunteer
• 100% company-paid tuition reimbursement for approved job-relevant coursework and access to The Institutes (Risk and insurance education)
• Paid parental leave
• Bonus opportunities

Western National believes in supporting balance between work and life by providing a flexible work environment which includes a variety of hybrid and remote work arrangements designed to balance individual job department and company needs.

Applicants must be authorized to work for any employer in the U.S. We are unable to sponsor or take over sponsorship of an employment Visa at this time.

Western National provides employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race color religion age sex national origin disability status genetics protected veteran status sexual orientation gender identity or expression or any other characteristic protected by federal state or local laws.

#LI-AN1

#Ind123