Staff Application Security Engineer

Assured is on a mission to modernize insurance. Claims processing (i.e. should we pay this claim?), while often overlooked, is the foundation of the entire industry. It’s currently highly manual, involving phone calls, faxes, and gut instinct—costing tens of billions of dollars a year. We can do better.

At Assured, we provide large insurers with the software solutions they need to win in a modern, technology-driven world. From self-service claim filing software to backend fraud detection, we’re the engine that powers claims processing for some of the largest insurers in the world.

The challenges we face are deep and diverse—from creating digital experiences that provide comfort and clarity to claimants at their most stressed and vulnerable to orchestrating large-scale ML-driven decision-making on billions of dollars of claims payments, life at Assured is dynamic, collaborative, and rewarding.

We are looking for a Staff Application Security Engineer to join our growing team.

You will…

🥊 Lead Red Team operations and penetration test campaigns, providing expert-level insight into process, procedure, and post-mortem

💡 Develop a clear understanding of vulnerabilities and drive efforts to remediate findings

🔒 Lead in developing automated security testing to validate that secure coding best practices are being used

🫡 Provide expert guidance and direction for other team members when they encounter challenges in their security reviews

📝 Own documentation and procedures surrounding application security reviews and lead by example for what successful application security reviews look like

⚖️ Drive initiatives that scale application security and holistically address multiple vulnerabilities

🤝 Guide and advise development teams as an SME in the area of application security

🪲 Develop, support, and evolve the bug bounty program. Take initiative and drive changes in the bug bounty program

𝌚 Lead both critical and regular security releases within our applications

🧪 Lead application security reviews and threat modeling, including code review and dynamic testing

👮 Scale application security by developing automated security testing or centralized security libraries that scale directly with developers and enable them to easily write secure code

🚃 Develop security training and socialize the material with internal development teams. Have significant ownership in and evangelize security training with development teams

You have…

🚨 Strong expert understanding and experience with common security libraries, security controls, and common security flaws

🐍 Strong development or scripting experience and skills. You’re able to significantly and effectively contribute to product security. Typescript, Python, and Terraform are preferred

👯‍♂️ Strong experience working closely with developers

👨‍💻 DevSecOps experience

🗣️ Familiarity and ability to explain security flaws and ways to address them (e.g. OWASP Top 10)

🎙️ Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics clearly and concisely. Demonstrated expert in documentation

📀 Strong understanding of the Software as a Service (SaaS) model

🛜 Expert understanding of internet security issues, application security technologies, cloud architectures, and threat landscape concepts

😎 Experience leading efforts or managing application security teams working in the DevOps model

☁️ Hands-on experience architecting, automating, maintaining, and securing Cloud Computing Platforms. AWS experience is a must

Benefits:

🤑 Competitive salary and equity packages (75%tile)

🏥 Health Care Plan (Platinum Medical, Dental, & Vision)

🌧 Life Insurance (No cost to you)

🏄 Paid Time Off (Uncapped vacation days & paid holidays)

👶 Family Leave (Maternity, Paternity)

📈 401(k) contribution (Assured contributes 3% of your income even if you don't contribute)

👪 Health and Dependent Care FSAs (Pre-tax flexible spending accounts for out-of-pocket expenses)

We are an equal-opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.