Travelers Application Security Engineer - REMOTE in Helena, Montana
Taking care of our customers, our communities and each other. That’s the Travelers Promise. By honoring this commitment, we have maintained our reputation as one of the best property casualty insurers in the industry for over 160 years. Join us to discover a culture that is rooted in innovation and thrives on collaboration. Imagine loving what you do and where you do it.
Job Description Summary
You will work closely with the Claim Application Security team. This program includes interpretation of code scanning results to help developers remediate vulnerabilities in internally developed applications. You will also be the point of contact for threat modeling activities for Claim IT Agile Release Trains (ARTs). You will be responsible for working with Claim IT architects, developers and application security engineers, within the assigned Agile Release Trains, to help guide them through the different activities surrounding defensive coding techniques. You will work closely with the Claim Architecture Review Board to identify architectural patterns in use and work with the team to ensure threat modeling is conducted against the understood patterns. You will be responsible for working with the architects and senior application security engineers to develop a plan to ensure that all patterns are reviewed with a regular cadence and work with the teams to ensure that necessary audit artifacts are documented.
The successful candidate for this role will be expected to think like an attacker and anticipate how they might exploit weaknesses. You will be responsible for researching relevant attack methods and engage with the ARTs and other Application Security Engineers to help ensure that all relevant risks are identified and addressed throughout the DevSecOps process. You will work directly with Agile teams to ensure security is included throughout the entire development process while ensuring minimal impact to schedules.
You will work closely with developers to help ensure that a culture of security is woven into the development cycle and identify opportunities to shift identification of vulnerabilities to earlier in the development process. You will work with Claim IT developers to help perform code scanning and track remediation efforts.
Primary Job Duties & Responsibilities
Work directly with Claim IT architects, developers and other Application Security Engineers to help guide the Application Security program.
Research relevant attack methods and engage with Senior Application Security engineer and Information Security to help ensure that all relevant risks are identified and addressed.
Guide product and engineering teams to building secure features through security architecture design reviews and threat modeling.
Be an advocate for secure coding practices across all engineering teams.
Use attack driven techniques to defend our applications and systems by discovering weaknesses in our web and mobile application portfolio.
Work with the ARTs to ensure security is embedded throughout the entire development process.
Serve as the go between for Claim IT developers and Travelers Information Security.
Bachelor’s degree in computer science, information technology, or equivalent experience in related fields.
Demonstrated ability to interact with all levels of personnel within an organization.
Strong written and verbal communications skills.
Experience in developing in common languages such as .NET, Java, React, Angular, etc. a plus
Education, Work Experience, & Knowledge
Ability to work independently and as part of a team.
Experience developing information security standards and procedures a plus.
Penetration testing, Web Application Penetration testing a plus.
Certifications such as CSSLP, GWEB, GWAPT, or GPEN a plus.
Experience working in an Information Security group a plus.
Experience assessing and documenting the design of security controls to mitigate risk a plus.
Skilled at contributing and communicating knowledge of concepts to a broader audience.
Job Specific Technical Skills & Competencies
Demonstrates sound analytic and diagnostic skills dealing with issues that are loosely defined and/or where information is available but must be further manipulated.
Once decisions are made, is able to follow and direct action to implement intended results.
Breaks a problem down to manageable pieces and implements effective, timely solutions.
Openly and directly confronts conflict until resolved.
Builds relationships with peers and other departments to achieve objectives, to work as one team and to secure necessary resources not under his/her personal control.
Balances team and individual responsibilities.
Exhibits objectivity and openness to others’ views.
Gives and welcomes feedback.
Puts success of team above self.
Supports a distinct business unit or several smaller functions.
Responsibilities are assigned with some latitude for setting priorities and decision-making using established policies and procedures.
Results are reviewed with next-level manager for clarification and direction before proceeding.
Planning and Project Management:
Works with the project manager in identifying those project tasks that are most important, establishes clear priorities and understands the larger picture.
Anticipates and effectively responds to changes in workload and resources.
Environmental / Work Schedules / Other
- On call as needed.
Travelers is an equal opportunity employer. We value the unique abilities and talents each individual brings to our organization and recognize that we benefit in numerous ways from our differences.
If you are a candidate and have specific questions regarding the physical requirements of this role, please send us an email (4-ESU@travelers.com) so we may assist you.
Travelers reserves the right to fill this position at a level above or below the level included in this posting.
To learn more about our comprehensive benefit programs please visit http://careers.travelers.com/life-at-travelers/benefits/ .