Application Security Engineer
- Boston, MA, USA
- Verisk Business: AIR Worldwide
- Department: Information Technology
AIR Worldwide (AIR), a Verisk business, provides risk modeling solutions that make individuals, businesses, and society more resilient to extreme events. In 1987, AIR Worldwide founded the catastrophe modeling industry and today models the risk from natural catastrophes, terrorism, pandemics, casualty catastrophes, and cyber attacks, globally. Insurance, reinsurance, financial, corporate, and government clients rely on AIR’s advanced science, software, and consulting services for catastrophe risk management, insurance-linked securities, site-specific engineering analyses, and agricultural risk management. AIR Worldwide, is headquartered in Boston with additional offices in North America, Europe, and Asia. To learn more about AIR, please visit us at: www.air-worldwide.com. We are proud to be a part of the Verisk family of companies!
With a history of impressive growth, an innovative culture, and offering industry-leading solutions, Verisk Analytics is an amazing place to work and make a difference. In 2018, Forbes magazine named Verisk to its World’s Best Employers list and, in 2017, to its World’s Most Innovative Companies list for the third consecutive year. We also earned the Great Place to Work® Certification for the third consecutive year in recognition of our outstanding workplace culture.
Verisk is a leading data analytics provider serving customers in insurance, energy and specialized markets, and financial services. Using advanced technologies to collect and analyze billions of records, Verisk draws on unique data assets and deep domain expertise to provide first-to-market innovations integrated into customer workflows. We’ve been delivering predictive analytics and decision support solutions to our customers for nearly 50 years, helping them protect people, property, and financial assets. At Verisk, you’ll be part of an organization that’s committed to serving the long-term interests of our stakeholders, including the communities where we operate.
At Verisk, you can build an exciting career with meaningful work; create a positive and lasting impact on the business; and find the support, coaching, and training you need to advance your career. Our culture of innovation means your ideas on how to improve our business will be heard. As key contributors to our success, our team members enjoy working in a business-casual, collaborative environment that offers state-of-the-art resources, advanced technologies, and an excellent benefits package.
As an Application Security Engineer, your primary focus will be to enhance AIR’s security stance from a coding and development perspective. The Application Security Engineer must possess strong analytical and communication skills; assess client needs against security concerns; providing review and improving the security of in-house custom applications created by our team of developers.
Responsibilities include implementation and support of our coding tools, securing our CI/CD pipeline and providing DevSecOps. You must be able to collaborate with multi-discipline teams to investigate, explain and remediate issues as well as experience implementing cloud security controls. Ability to contribute to overall security posture of the enterprise.
· Liaise with development and product teams to develop secure products and features for customers, suppliers, partners, and employees
· Implement 'Sec' in DevSecOps model of operations - experience with AWS, Azure or other cloud providers
· Familiarity with OWASP testing methodology
· Static and dynamic code testing implementation
· Perform code reviews of highly complex services
· Keep development teams up-to-date with secure coding practices by providing them training and the latest trends in secure development
· Conduct risk analysis and threat modeling to build secure products from ground up
· Maintain, tune, and own the web application firewall (WAF)
· Assess client needs against security concerns and articulates issues and potential risks to management.
· Facilitate and design compensating controls when needed.
· Stay abreast of current security threats and security technologies.
· Bachelor’s Degree in computer science, Information Systems or other related field, and/or equivalent work experience.
· 5+ years of combined IT and security work experience with a broad range of exposure to systems analysis, application development, networking, systems administration.
· At least 5 years of experience in IT security and compliance.
· Understanding of attack vectors
· Strong organizational skills to manage fast paced and demanding requests
· Knowledge of data security fundamentals and best practices with prior responsibilities of protecting information assets.
· Excellent written and verbal communication skills.
SANS, AWS and other certificates desirable
Verisk Analytics is an equal opportunity employer.
All members of the Verisk Analytics family of companies are equal opportunity employers. We consider all qualified applicants for employment without regard to race, religion, color, national origin, citizenship, sex, gender identity and/or expression, sexual orientation, veteran's status, age or disability.
Unsolicited resumes sent to Verisk, including unsolicited resumes sent to a Verisk business mailing address, fax machine or email address, or directly to Verisk employees, will be considered Verisk property. Verisk will NOT pay a fee for any placement resulting from the receipt of an unsolicited resume.