Sr. Engineer, Cybersecurity (Application Security)
Sr. Engineer, Cybersecurity (Application Security)
Summary:
Are you a seasoned Senior Application Security Engineer who gets excited by the challenge of securing complex systems against emerging threats? Do you love diving deep into code to find vulnerabilities and crafting solutions that strengthen application defenses? If so, we are looking for you!
As a Senior Application Security Engineer, you will play a pivotal role in designing and implementing security controls to protect our applications. Leveraging your extensive hands-on experience with secure coding practices and application security tools, you will develop and enforce policies, procedures, and controls that protect our software from ever-evolving cyber threats. Working closely with cross-functional teams, you will ensure our applications meet the highest standards of security and compliance while fostering a culture of secure software development.
In this role, you will tackle exciting challenges that push you to stay ahead of the curve in application security. You will have access to the latest tools and technologies and the opportunity to make a tangible impact on the security posture of our software systems. If you are passionate about application security and love solving complex technical problems, we want to hear from you! Join us and be a key part of shaping the future of secure software at National Life Group.
Key Responsibilities:
- Collaborate with IT leadership to align and support the execution of the Application Security program’s vision, strategy, and governance, ensuring it meets organizational objectives.
- Collaborate with IT teams to enhance the software security program by defining, documenting, and communicating security requirements within the SDLC. This may include integrating Software Composition Analysis (SCA), generating Software Bill of Materials (SBOM), and implementing comprehensive dependency management, ensuring alignment with industry best practices.
- Work with stakeholders to automate continuous security assessments (web and mobile applications), manage tool implementation, identify critical vulnerabilities, and ensure a streamlined remediation process, minimizing security risk in the development lifecycle.
- Enhance security reporting capabilities by developing metrics-driven dashboards and reports that communicate current risk exposures to leadership and highlight security improvements, including prioritized remediation and trend analysis.
- Conduct detailed software, security code, design, and architecture reviews to assess risks, enforce secure coding standards, influence architectural decisions, and ensure potential security issues are identified and addressed prior to production deployments.
- Lead threat modeling and security risk analysis across client-side and server-side applications. Provide actionable insights to development teams and security leadership, supporting risk-based decision-making process.
- Collaborate with IT leadership and vendor partners to define and deliver application security training and awareness programs, tailored to development teams, focused on secure coding practices, and reducing vulnerabilities in production.
- Oversee the governance of application security exceptions, ensuring all requests for deviations from security policies are evaluated based on a thorough risk assessment and documented with appropriate approvals.
- Maintain an up-to-date knowledge of emerging security threats, vulnerabilities, and best practices, and proactively adjust the organization’s security posture to mitigate risks. This includes evaluating new security tools, practices, and frameworks for adoption where appropriate.
- Promote a culture of security by collaborating with security and IT teams, advocating for secure-by-design principles, and developing reusable security code components that can be integrated into projects where applicable.
Job Requirements:
- Bachelor’s degree in computer science, Information Security, or a related field.
- A minimum of 5 years of experience in software development and/or software design, with hands-on coding experience in .NET, C#, Java, JavaScript and/or Python.
- A minimum of 3 years of progressive experience in application security, with a demonstrated history of leading secure coding practices.
- CISSP or CSSLP certification preferred.
- Experience in designing and implementing security solutions for cloud-based technologies and APIs.
- Demonstrated ability to translate vulnerability assessments and reports into prioritized, actionable tasks for development teams, ensuring that remediation efforts are aligned with risk assessments to address the most critical issues first.
- Extensive experience with security assessment tools such as SAST, DAST, SCA, and fuzz testing, paired with a deep awareness of their strengths and limitations.
- Thorough knowledge of OWASP Top 10, CWE 25, and data protection standards.
- Strong analytical and problem-solving skills, with the ability to react quickly and effectively to production issues.
- Excellent communication and presentation skills, with the ability to convey complex ideas in a clear and collaborative manner.
- Proven ability to manage multiple priorities in a dynamic, fast-paced environment, effectively navigating ambiguity while consistently meeting deadlines.
- Demonstrated leadership skills, with a passion for mentoring, coaching, and developing teams.
- Strong relationship-building skills, with the ability to engage stakeholders at all levels, including senior leadership.
- A proactive, self-motivated attitude with a clear passion for cybersecurity and servant leadership values.
The base compensation range represents the low and high end of the range for this position. Actual compensation will vary and may be above or below the range based on various factors including but not limited to qualifications, skills, competencies, location, and experience. The range listed is just one component of our total compensation package for employees.
Other rewards may include an annual bonus, quarterly bonuses, commissions, and other long-term incentive compensation, depending on the position. National Life offers a competitive total rewards package which includes: a 401(k) retirement plan match; medical, dental, and vision insurance; a company funded wellness account for director and below employees; 10 paid holidays; a generous paid time off plan (22 days of combined time-off for non-exempt employees and exempt employees have discretion in managing their time, including scheduling time off in the normal course of business, but in no event will exempt employees receive less sick time than required by state or local law); 6 weeks of paid parental leave; and 6 weeks of paid family leave after a year of full-time employment.
National Life is accepting applications for this role on an ongoing basis and the role remains open until filled.
National Life Group® is a trade name of National Life Insurance Company, Montpelier, VT – founded in 1848, Life Insurance Company of the Southwest, Addison, TX – chartered in 1955, and their affiliates. Each company of National Life Group is solely responsible for its own financial condition and contractual obligations. Life Insurance Company of the Southwest is not an authorized insurer in New York and does not conduct insurance business in New York. Equity Services, Inc., Member FINRA/SIPC, is a Broker/Dealer and Registered Investment Adviser affiliate of National Life Insurance Company. All other entities are independent of the companies of National Life Group.
National Life Group
1 National Life Dr
Montpelier, VT 05604
Social Media Policy
Site Disclosure and Privacy Policy
Salary range
- $89,000 - $166,000 per year