Application Security Analyst - Remote
Application Security Analyst - Remote
Full Job Description
CSAA Insurance Group (CSAA IG), a AAA insurer, is one of the top personal lines property and casualty insurance groups in the U.S. Our employees proudly live our core beliefs and fulfill our enduring purpose to help members prevent, prepare for and recover from life's uncertainties, and we're proud of the culture we create together. As we commit to progress over perfection, we recognize that every day is an opportunity to be innovative and adaptable. At CSAA IG, we hire good people for a brighter tomorrow. We are actively hiring for an Application Security Analyst. Join us and support CSAA IG in achieving our goals.
Your Role:
As an Application Security Engineer IV, you will bring a robust foundation in software development, cloud platforms, and application security testing to the table. Your primary responsibilities will include performing advanced application vulnerability scans, addressing and remediating identified issues, and generating comprehensive reports. You will be a key figure in setting, executing, and promoting security standards and best practices. Your expertise in identifying, resolving, and preventing application-level security vulnerabilities will be highly valued and recognized.
Your Work:
• Leverage your extensive knowledge to conduct continuous application vulnerability scanning, remediation, and reporting across a variety of platforms and architectures.
• Identify, fix, and prevent security vulnerabilities in hardware, software, and development processes.
• Handle moderate to complex tasks with minimal oversight, supporting one or more projects that demand specialized expertise.
• Demonstrate advanced skills in multiple technical environments, including Linux, Windows, and Cloud platforms.
• Collaborate closely with cross-functional teams to integrate security best practices into the design and architecture of our applications.
• Develop repeatable and automated security test suites.
• Maintain and update automation processes to ensure they meet established security standards.
• Ensure compliance with security standards in system development, support, assessment, remediation, and configuration/change management.
• Stay current with the latest security trends, vulnerabilities, and attack vectors, and proactively identify potential risks to our applications.
• Utilize your experience with SCM, CI/CD automation, and AppSec testing tools to enhance overall security.
• Work with developers, system administrators, and IT operations to ensure effective communication and alignment on application security initiatives.
• Conduct thorough application security reviews using AppSec tools.
• Perform regular security assessments on applications to identify vulnerabilities and weaknesses in code and configurations.
• Review application code for security flaws, identify areas for improvement, and provide actionable recommendations to developers.
Required Experience, Education, and Skills:
• Bachelor's or equivalent experience in Computer Science, Information Systems, or another related field.
• 6+ years of relevant experience
• Ability to conduct manual assessments using tools like HTTP Proxies (Burp Suite Pro, OWASP ZAP), automation scripts, shell scripting with curl, and other commercial and open-source tools.
• Proficiency in application security testing technologies, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), Infrastructure as Code (IaC), Interactive Application Security Testing (IAST), Runtime Application Self-Protection (RASP), as well as cloud and container security.
• Strong foundation in security technologies such as web security, cloud services, identity and access management, web application firewalls, and intrusion detection.
• Solid understanding and hands-on experience with secure software development practices, including threat modeling, secure design principles, secure coding, code analysis, and security testing.
• Ensure that security solutions strike a balance between performance, security, and compatibility.
• Scan CloudFormation templates for security vulnerabilities using tools like Wiz, cfn-nag, Snyk, and Aqua Trivy.
• Knowledge of key security configurations for services such as Amazon EC2, Amazon S3, Amazon RDS, and Amazon EKS.
• Hands-on expertise in cloud security posture management (CSPM) with tools such as AWS Security Hub and Wiz.
• AWS Certified Security - Specialty certification is a plus.
• Experience with auditing and governance services such as AWS Identity and Access Management (IAM), AWS Config, and AWS Systems Manager.
What Would Make Us Excited About You?
• Proven experience in application security, secure coding, and vulnerability assessment.
• A deep understanding of web application architecture, including frameworks, APIs, and protocols.
• Knowledge of common security vulnerabilities and best practices for remediation, such as those outlined in the OWASP Top 10.
• Familiarity with secure coding standards and practices.
• Experience with security assessment tools, including static analysis tools, dynamic scanners, and penetration testing frameworks.
• Typically, 3-5 years of proficiency in programming languages commonly used in application development, such as Java, C#, Python, or JavaScript.
• Familiarity with cloud computing platforms like AWS, Azure, or GCP, and their security mechanisms.
• Excellent analytical and problem-solving skills, with a keen attention to detail.
• Strong communication and interpersonal skills, with the ability to collaborate effectively in a team environment.
• Familiarity with SDLC (Systems Development Life Cycle) standards and best practices to realize improved cycle times for changes to Test, QA and Production environments
• Familiarity with SDLC (Systems Development Life Cycle) standards and best practices to realize improved cycle times for changes to Test, QA and Production environments
CSAA IG Careers
At CSAA IG, we're proudly devoted to protecting our customers, our employees, our communities, and the world at large. We are on a climate journey to continue to do better for our people, our business, and our planet. Taking bold action and leading by example. We are citizens for a changing world, and we continually change to meet it.
Join us if you...
BELIEVE in a mission focused on building a community of service, rooted in inclusion and belonging.
• COMMIT to being there for our customers and employees.
• CREATE a sense of purpose that serves the greater good through innovation.
Recognition: We offer a total compensation package, performance bonus, 401(k) with a company match, and so much more! Read more about what we offer and what it is like to be a part of our dynamic team at [https://careers.csaa-insurance.aaa.com/us/en/benefits](https://careers.csaa-insurance.aaa.com/us/en/benefits)
In most cases, you will have the opportunity to choose your preferred working location from the following options when you join CSAA IG: remote, hybrid, or in-person. Submit your application to be considered. We communicate via email, so check your inbox and/or your spam folder to ensure you don't miss important updates from us.
If a reasonable accommodation is needed to participate in the job application or interview process, please contact [TalentAcquisition@csaa.com](mailto:TalentAcquisition@csaa.com).
As part of our values, we are committed to supporting inclusion and diversity at CSAA IG. We actively celebrate colleagues' different abilities, sexual orientation, ethnicity, and gender. Everyone is welcome and supported in their development at all stages in their journey with us.
We are always recruiting, retaining, and promoting a diverse mix of colleagues who are representative of the U.S. workforce. The diversity of our team fosters a broad range of ideas and enables us to design and deliver a wide array of products to meet customers' evolving needs.
CSAA Insurance Group is an equal opportunity employer. 00
Your Role:
As an Application Security Engineer IV, you will bring a robust foundation in software development, cloud platforms, and application security testing to the table. Your primary responsibilities will include performing advanced application vulnerability scans, addressing and remediating identified issues, and generating comprehensive reports. You will be a key figure in setting, executing, and promoting security standards and best practices. Your expertise in identifying, resolving, and preventing application-level security vulnerabilities will be highly valued and recognized.
Your Work:
• Leverage your extensive knowledge to conduct continuous application vulnerability scanning, remediation, and reporting across a variety of platforms and architectures.
• Identify, fix, and prevent security vulnerabilities in hardware, software, and development processes.
• Handle moderate to complex tasks with minimal oversight, supporting one or more projects that demand specialized expertise.
• Demonstrate advanced skills in multiple technical environments, including Linux, Windows, and Cloud platforms.
• Collaborate closely with cross-functional teams to integrate security best practices into the design and architecture of our applications.
• Develop repeatable and automated security test suites.
• Maintain and update automation processes to ensure they meet established security standards.
• Ensure compliance with security standards in system development, support, assessment, remediation, and configuration/change management.
• Stay current with the latest security trends, vulnerabilities, and attack vectors, and proactively identify potential risks to our applications.
• Utilize your experience with SCM, CI/CD automation, and AppSec testing tools to enhance overall security.
• Work with developers, system administrators, and IT operations to ensure effective communication and alignment on application security initiatives.
• Conduct thorough application security reviews using AppSec tools.
• Perform regular security assessments on applications to identify vulnerabilities and weaknesses in code and configurations.
• Review application code for security flaws, identify areas for improvement, and provide actionable recommendations to developers.
Required Experience, Education, and Skills:
• Bachelor's or equivalent experience in Computer Science, Information Systems, or another related field.
• 6+ years of relevant experience
• Ability to conduct manual assessments using tools like HTTP Proxies (Burp Suite Pro, OWASP ZAP), automation scripts, shell scripting with curl, and other commercial and open-source tools.
• Proficiency in application security testing technologies, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), Infrastructure as Code (IaC), Interactive Application Security Testing (IAST), Runtime Application Self-Protection (RASP), as well as cloud and container security.
• Strong foundation in security technologies such as web security, cloud services, identity and access management, web application firewalls, and intrusion detection.
• Solid understanding and hands-on experience with secure software development practices, including threat modeling, secure design principles, secure coding, code analysis, and security testing.
• Ensure that security solutions strike a balance between performance, security, and compatibility.
• Scan CloudFormation templates for security vulnerabilities using tools like Wiz, cfn-nag, Snyk, and Aqua Trivy.
• Knowledge of key security configurations for services such as Amazon EC2, Amazon S3, Amazon RDS, and Amazon EKS.
• Hands-on expertise in cloud security posture management (CSPM) with tools such as AWS Security Hub and Wiz.
• AWS Certified Security - Specialty certification is a plus.
• Experience with auditing and governance services such as AWS Identity and Access Management (IAM), AWS Config, and AWS Systems Manager.
What Would Make Us Excited About You?
• Proven experience in application security, secure coding, and vulnerability assessment.
• A deep understanding of web application architecture, including frameworks, APIs, and protocols.
• Knowledge of common security vulnerabilities and best practices for remediation, such as those outlined in the OWASP Top 10.
• Familiarity with secure coding standards and practices.
• Experience with security assessment tools, including static analysis tools, dynamic scanners, and penetration testing frameworks.
• Typically, 3-5 years of proficiency in programming languages commonly used in application development, such as Java, C#, Python, or JavaScript.
• Familiarity with cloud computing platforms like AWS, Azure, or GCP, and their security mechanisms.
• Excellent analytical and problem-solving skills, with a keen attention to detail.
• Strong communication and interpersonal skills, with the ability to collaborate effectively in a team environment.
• Familiarity with SDLC (Systems Development Life Cycle) standards and best practices to realize improved cycle times for changes to Test, QA and Production environments
• Familiarity with SDLC (Systems Development Life Cycle) standards and best practices to realize improved cycle times for changes to Test, QA and Production environments
CSAA IG Careers
At CSAA IG, we're proudly devoted to protecting our customers, our employees, our communities, and the world at large. We are on a climate journey to continue to do better for our people, our business, and our planet. Taking bold action and leading by example. We are citizens for a changing world, and we continually change to meet it.
Join us if you...
BELIEVE in a mission focused on building a community of service, rooted in inclusion and belonging.
• COMMIT to being there for our customers and employees.
• CREATE a sense of purpose that serves the greater good through innovation.
Recognition: We offer a total compensation package, performance bonus, 401(k) with a company match, and so much more! Read more about what we offer and what it is like to be a part of our dynamic team at [https://careers.csaa-insurance.aaa.com/us/en/benefits](https://careers.csaa-insurance.aaa.com/us/en/benefits)
In most cases, you will have the opportunity to choose your preferred working location from the following options when you join CSAA IG: remote, hybrid, or in-person. Submit your application to be considered. We communicate via email, so check your inbox and/or your spam folder to ensure you don't miss important updates from us.
If a reasonable accommodation is needed to participate in the job application or interview process, please contact [TalentAcquisition@csaa.com](mailto:TalentAcquisition@csaa.com).
As part of our values, we are committed to supporting inclusion and diversity at CSAA IG. We actively celebrate colleagues' different abilities, sexual orientation, ethnicity, and gender. Everyone is welcome and supported in their development at all stages in their journey with us.
We are always recruiting, retaining, and promoting a diverse mix of colleagues who are representative of the U.S. workforce. The diversity of our team fosters a broad range of ideas and enables us to design and deliver a wide array of products to meet customers' evolving needs.
CSAA Insurance Group is an equal opportunity employer. 00
Job Information
Job Category:
Information Technology
Spotlight
Employer
Related jobs
RN Unit Manager
The Laurels of Massillon
Are you an RN looking for a leadership role? Do you have a passion for leading and teaching other skilled nursing staff? The RN Unit Manager provides, plans, coordinates or manages nursing care and he...
Apr 8, 2025
MASSILLON, OH
Assistant Director of Nursing (ADON)
Regency at Jackson
Are you a Registered Nurse (RN) looking for a leadership opportunity with a growing organization? We have an exceptional opportunity for an Assistant Director of Nursing (ADON) to join our team at Reg...
Apr 8, 2025
JACKSON, MI
Treatment Nurse (RN/LPN)
The Laurels of University Park
Are you a critical thinker, a skilled communicator and passionate about caring for seniors? Are you seeking career advancement? As a Registered Nurse (RN) OR a Licensed Practical Nurse (LPN) at Laure...
Apr 8, 2025
RICHMOND, VA