Application Security Engineer

Location: Remote - US, Canada, UK, and Europe

Accelerant is building a new platform that will serve as the backbone of how risk is exchanged in the future. The Product & Technology (P&T) organization is looking for an Applications Security Engineer who is passionate about securing systems, ensuring compliance, collaborating across teams, and educating others on security best practices. As an Applications Security Engineer, you will play a crucial role in developing and maintaining systems to detect, prevent, analyze, and remediate software vulnerabilities while working closely with various teams to ensure security as part of SDLC. The ideal candidate should possess a balance of technical expertise, strategic thinking, and effective communication skills to create secure and scalable solutions.

If you join our team, these are some of the things you’ll be doing:

1. Design and implement security measures to protect applications and infrastructure from vulnerabilities, attacks, and other risks.
2. Perform vulnerability assessments, threat analysis, and incident response.
3. Plan, scope and conduct Penetration Testing campaigns.
4. Develop and integrate security requirements into the CI/CD pipelines.
5. Collaborate with cross-functional teams (e.g., Development, Architecture, Infrastructure) to align security with business goals.
6. Educate and mentor teams on secure coding practices, web technologies, and the full-stack ecosystem.
7. Monitor and address emerging threats, vulnerabilities, and security trends, ensuring timely implementation of countermeasures.
8. Create detailed documentation and reports outlining security findings, recommendations, and resolution steps.

What you bring to the table:

1. University degree/college diploma in related discipline(s) or equivalent work experience, and/or 5+ years in security IT industry experience.
2. Holding OSCP/OSCP+ or equivalent certification.
3. Proficiency in programming or scripting languages, especially Python, and a solid understanding of the web stack and its components.
4. Experience with vulnerability management tools, security scanners (e.g. Snyk, Qualys, Trivy, Dependabot, etc.), and secure systems configuration (e.g., firewalls, VPNs, IDS/IPS, WAF).
5. DevSecOps mindset, knowledge of CI/CD processes, security automation, and integrating security seamlessly into development workflows.
6. Practical experience with security architecture for cloud platforms such as AWS, GCP, Azure, or OpenStack.
7. Strong strategic thinking, communication, and collaboration skills with the ability to simplify complex concepts.
8. A willingness to learn, stay updated on the latest security trends, exploits, and tailor solutions to meet dynamic business needs.

Nice-to-Have Skills:

1. Experience reporting security issues through bug bounty programs or similar initiatives.
2. Active participation in the security community.
3. Leadership and mentoring skills to guide teams and advocate for security-first practices.
4. Holding OSCE or equivalent certification.

About Accelerant:

Accelerant is a data-driven, technology-fueled insurance platform that empowers underwriters to more effectively serve their insureds. We’re using advanced data intelligence tools to rebuild the way that underwriters share and exchange risk. With a current focus on the small and medium-sized businesses that power our global economy and their niche insurance needs, we align incentives to improve outcomes for everyone. Our full-service risk exchange supports our carefully selected, best-in-class network of underwriting teams. We leverage granular information on each policy to deliver unprecedented insight into insurance pools, and our specialty portfolio is fully diversified with very low catastrophe, aggregation or systemic risk. We’re proud to have been awarded an AM Best A- (Excellent) rating. For more information, please visit www.accelerant.ai.

Accelerant is a fully remote company. Work where you’re most productive and fulfilled. This position is open to remote candidates across the U.S. and Canada who have the flexibility to work with our teams distributed across Europe and North America. Most cross-team collaboration happens in the mornings of the Eastern Time Zone.