Sr Application Security Engineer

Description: Travelers is seeking a Sr. Application Security Engineer to join our organization as we grow and transform our Technology landscape. Individual will guide a team of Application Security Engineers to complete advanced application security engineering tasks including security research, application security testing, interpretation of vulnerability scan results, threat modeling, code reviews, and penetration testing. In addition, this individual will partner with Enterprise Cybersecurity to define and implement a cohesive application security strategy across Travelers.

What you will do:

Provide guidance on application security for strategic initiatives within Business Insurance.

Lead and mentor application security engineers within our value streams.

Lead investigation and resolution efforts for critical, high impact problems, defects, and incidents.

Lead application security reviews and threat modeling, including code review and dynamic testing.

Lead in development of automated security testing to validate that secure coding best practices are being used.

Guide and advise product development teams in the area of application security.

Assist with recruiting activities and administrative work.

Develop security training and socialize the material with internal development teams.

Requirements of the Role:

Experience as a software engineer, including with scripting languages

Strong understanding and experience with common security libraries, security controls, and common security flaws

A solid understanding of network and web related protocols (such as TCP/IP, UDP, HTTP, HTTPS, protocols)

Ability to perform security testing, including penetration testing

Experience with SAST/DAST/IAST tools

Expertise in secrets management

Experience in a technical leadership role; ability to guide and mentor others