Application Security Engineer [Remote-US] New

remote

To help keep everyone safe, we encourage all applicants to pay close attention to protect themselves during their job search. When applying for a position online you are at risk of being targeted by malicious actors looking for personal data. Please be aware we will only reach out via email using the domain quanata.com. Anything that does not match those domains should be ignored and considered a security risk.

About Us

Quanata is on a mission to help ensure a better world through context-based insurance solutions. We are an exceptional, customer-centered team with a passion for creating innovative technologies, digital products, and brands. We blend some of the best Silicon Valley talent and cutting-edge thinking with the long-term backing of leading insurer, State Farm.

Learn more about us and our work at quanata.com

Quanata is on a mission to help ensure a better world through context-based insurance solutions. We are an exceptional, customer-centered team with a passion for creating innovative technologies, digital products, and brands. We blend some of the best Silicon Valley talent and cutting-edge thinking with the long-term backing of leading insurer, State Farm.

Learn more about us and our work at quanata.com

Our Team

From data scientists and actuaries to engineers, designers, and marketers, we’re a world-class team of tech-minded professionals from some of the best companies in Silicon Valley and around the world. We’ve come together to create the context-based insurance solutions and experiences of the future. We know that the key to our success isn't just about nailing the technology—it’s hiring the talented people who will help us continue to make a quantifiable impact.

We are seeking an Application Security Engineer to join the Product Security team within the greater Security & Privacy team. This role is pivotal in ensuring the security and integrity of our applications and services and shared solutions within our B2B/E product suite. You will be responsible for implementing application security measures across various projects, with a focus on identifying and mitigating risks within our development lifecycle.

As an Application Security Engineer, you will play an essential role in maintaining the overall security posture of the company. You'll work closely with the entire Security & Privacy team. Our application environment is a hybrid of containers, managing most of our production microservices, and a public cloud-driven services layer based on popular open-source components.

We’re looking for a candidate who thrives in a team setting, collaborates effectively with colleagues across multiple departments, and contributes positively to a dynamic team environment. The ideal individual should be skilled in leveraging the strengths of diverse team members, fostering a culture of open communication, and driving joint initiatives towards successful outcomes.

Responsibilities include:

1. Collaborate with development and product teams to integrate security solutions into business-critical applications.
2. Assist in creating and refining product security threat models, focusing on security measures tailored to the unique challenges of the insurance sector.
3. Participate in secure code reviews and product security testing to identify vulnerabilities.
4. Implement application security best practices throughout the software development lifecycle.
5. Respond to vulnerabilities identified through internal security testing, prioritizing according to business impact.
6. Support initiatives to enhance security awareness and practices within the application development teams.
7. Work closely with compliance teams to ensure that applications adhere to industry-specific regulations and standards.
8. Document security procedures, best practices, and team initiatives using repeatable patterns.

• Experience:
• Bachelor’s degree or equivalent, relevant experience, and;
• 3 - 5 years of experience in information security, with at least 2 years in application security engineering.
• Experience working with software development teams to integrate security into complex application ecosystems.
• Technical Skills:
• Familiarity with security-by-design principles and application security frameworks and standards.
• Experience with cloud providers like AWS, Google Cloud, or Microsoft Azure.
• Knowledge of OWASP standards like the Top 10, ASVS, and MASVS.
• Proficiency in at least one programming language and relevant security tools.
• Familiarity with threat modeling paradigms such as STRIDE or STRIPED.
• People Skills:
• Strong communication skills for effective collaboration.
• Ability to manage multiple tasks in a fast-paced environment.
• Certifications such as CSSLP, GWEB, OSWE are a plus.
• Experience with the insurance industry or similarly regulated sectors.
• Experience with cloud security solutions and mobile application security.
• Knowledge of AI and prompt engineering is a plus.
• Hands-on experience with threat modeling, risk assessment, and vulnerability management.
• Proficiency in scripting security tasks.
• Active participation in industry conferences like DEF CON, RSA, BlackHat, etc., is desirable.
• Contributions to the professional community through presentations, mentoring, or publications are a plus.

Salary: $170,000 to $235,000*

*Final salary depends on skills, experience, and internal structure. We aim to offer a competitive package reflecting your expertise.

• Benefits: Comprehensive health, wellness, and other benefits, including medical, dental, vision, life insurance, wellness allowance, and 401(k) with match.
• Work from Home Equipment: A $2K one-time payment for home office setup and fully provisioned MacBook Pro.
• Paid Time Off: Four weeks of PTO, twelve weeks parental leave, and professional development funding up to $5000 annually.
• Location: Remote-first in the U.S., with occasional travel as needed. Employees in SF Bay Area or Providence may commute locally.
• Hours: Core hours from 9AM - 2PM Pacific Time for collaboration.

Quanata is an equal opportunity employer. We value diversity and inclusion. For accommodations, contact your Talent Acquisition Partner.