Application Security Engineer

Who are we?

Western National Insurance Group is a private mutual insurance company with over 120 years of experience serving customers' property-and-casualty insurance needs in the Midwestern, Northwestern, and Southwestern United States. Known as “The Relationship Company®,” we define success as a measure of the relationships we’ve built over time. In everything that we do, we know that delivering a friendly and helpful interaction makes for a better experience for everyone involved. That’s the power of “nice”. At Western National, nice is something we work to bring to every person and organization with whom we partner and serve.

Does this opportunity interest you?

Western National is seeking an Application Security Engineer to join our cybersecurity team!

The individual in this role will have the opportunity to build an application security program from the ground up. The individual in this role will be responsible for developing and implementing an enterprisewide application security program by conducting security assessments, implementing security best practices, and developing security tools and solutions. This individual will also collaborate with developers, QA engineers, and other stakeholders to ensure that their applications meet the highest security standards.
 

What are the responsibilities and opportunities of this role?

• Establishes, launches, and matures the Application Security Program within the development community. 
• Performs security testing and code reviews of web applications and APIs to identify and remediate vulnerabilities and risks. 
• Provides recommendations and develops, implements, and maintains security policies, guidelines, and procedures. 
• Delivers security guidance and training to developers and QA engineers to promote secure coding practices. 
• Researches and evaluates emerging security technologies and tools to enhance application security capabilities. 
• Monitors and responds to security incidents and alerts, ensuring timely resolution and mitigation. 
• Collaborates with development teams to integrate security practices into the software development lifecycle (SDLC). 
• Serves as a subject matter expert on application security best practices and industry standards. 
• Leads and coordinates complex tasks across IT, engineering, and security teams. 
• Defines requirements and identifies tools to improve application security capabilities and effectiveness. 
• Develops and contributes to operational and executive reporting on application security metrics and performance. 
• Makes informed decisions in coordination with management on matters impacting the organization. 
• Participates in strategy development and contributes to the evolution of application security practices. 
• Applies analytical thinking and problem-solving skills to assess risks, prioritize issues, and implement effective solutions. 
• Drives continuous improvement initiatives and supports the implementation of security enhancements. 
• Consistently acts according to our customer experience standards, including responding quickly, maintaining a positive attitude, building rapport, demonstrating empathy, managing expectations, using appropriate communication channels, and taking ownership to resolve issues. 
• Participates in a rotational on-call schedule. 
• Performs special projects and other duties as assigned.

What are the must-have qualifications for a candidate?

• Three or more years of experience in application security with strong knowledge of web and API security concepts and best practices. 
• 10 or more years of experience in information technology. 
• Ability to build an application security program from the ground up. 
• Proficient in at least one programming language, ideally Java, but Python, C#, etc., are also acceptable. 
• Experience with security testing (e.g., SAST, SCA, and DAST) tools and frameworks (e.g., OWASP ZAP, Burp Suite). 
• Experience with CI / CD pipelines, DevOps, and automation tools. 
• Familiarity with GitHub repositories.
• Previous experience with SDLC development and hands-on programming within a "modern" CI / CD pipeline. 
• Ability to mentor and train team members, particularly in environments with limited application security expertise. 
• Demonstrated understanding of the information security landscape and a broad range of security technologies. 
• Proven ability to communicate clearly and effectively, both verbally and in writing, to technical and nontechnical audiences. 
• Proficient use of various core systems, office and computer equipment, and software packages. 
• Bachelor’s degree in information security or related discipline; experience in lieu of degree acceptable.

What will our ideal candidate have?

• Demonstrated project management skills.
• Proven ability to develop and maintain concise and accurate plans, documentation, run books, and reports.
• Proven ability to prioritize and meet deadlines.
• High degree of discretion / confidentiality, solid problem-solving skills, and close attention to detail.

Compensation overview

The targeted hiring range for this role is $125,800 – $179,850, annually. However, the base pay offered may vary depending on the job-related knowledge, skills, credentials, and experience of each candidate, as well as other factors such as the scope and location of the role. Candidates looking for compensation outside of the posted range are encouraged to apply and will be considered based on their individual qualifications and / or may be considered for other positions.

Culture and Total Rewards

Western National has long been known as “The Relationship Company®” and caring for our employees is part of that relationship commitment. We value connectiveness, empowerment, and accountability, and we believe that our employees are our biggest asset. 

Currently ranked as the 41st largest private company by revenue in Minnesota (Minneapolis/St. Paul Business Journal), Western National has earned accolades year-over-year as an employer of choice and garnered multiple awards for wellness in the workplace. Western National has also been named a Top Workplace by the Star Tribune for consecutive years. In addition, the Group is consistently recognized as a Ward’s 50 property-and-casualty insurance company for its outstanding financial results.

Western National offers full-time employees a significant Total Rewards Package, including:

• Medical insurance plan options and other standard employee benefits, including dental insurance, vision benefits, life insurance, disability insurance, and more!
• Health Savings Accounts (HSA) and Flexible Spending Accounts (FSA)
• 401(k) Plan (participants are eligible for 100% matching on the first 6% of their contributions)
• Wellbeing Program, including onsite fitness studio
• Paid Time Off – including holiday, vacation, and volunteer
• 100% company-paid tuition reimbursement for approved job-relevant coursework and access to The Institutes (Risk and insurance education)
• Paid parental leave
• Bonus opportunities

Western National believes in supporting balance between work and life by providing a flexible work environment, which includes a variety of hybrid and remote work arrangements designed to balance individual, job, department, and company needs. 

Applicants must be authorized to work for any employer in the U.S. We are unable to sponsor or take over sponsorship of an employment Visa at this time.

Western National provides employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.