Senior Application Security Engineer

Worcester, MA, USA ● Virtual ● Req #15416
Wednesday, June 22, 2022

For more than 160 years, The Hanover has been committed to delivering on our promises and being there when it matters the most. We live our values every day, demonstrating we CARE through our values, ESG initiatives and IDE journey.

Our Information Security Engineering team is seeking a Senior Application Security Engineer to join the growing Hanover organization as a fully remote employee. 

 

POSITION OVERVIEW:

 

The Senior Application Security Engineer will be responsible for working with development and DevOps teams to deliver application security standards and solutions that help development and engineering teams evolve towards a DevSecOps model while driving adoption of secure software development practices across the enterprise.


A candidate with a background in software development and a strong understanding of software development lifecycle and DevSecOps is preferred but other relevant skill sets will be considered.


The ideal candidate is a good communicator, persuasive, analytical, understands risk and is knowledgeable in application development.


IN THIS ROLE, YOU WILL:

  • Develop and update application security standards, secure coding principles, and threat modeling processes.
  • Provide application security support to development teams, including reviewing and explaining application security tools and processes, providing vulnerability explanations and remediation guidance
  • Integrate application security testing and controls into different phases of teams’ development lifecycles.
  • Coordinate application security program metrics and reporting
  • Support ongoing management of application security vulnerabilities through a centralized vulnerability tracking system and defect tracking system
  • Assist with training and mentoring of security champions
  • Partner with third party vendors to deliver software security tools and services
  • Provide expert consultation on application security requirements and best practices in relation to vulnerability scanning and secure application design
  • Partner closely on security operations tasks with cross-functional teammates in IT, DevOps, Engineering, and Test.
  • Engage with product owners, project managers and developers to conduct security reviews, identify risks and conform to organizational remediation/mitigation timelines.

WHAT YOU NEED TO APPLY: 

  • A Bachelor's degree in Computer Science or technology/information security-related field.
  • 4+ years of combined hands-on experience in software development and/or application engineering
  • Experience working with various development technologies including programming languages/frameworks supporting both backend and frontend development, source control management systems, and CI/CD tooling
  • Experience with Application Security tools such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST) and Software Composition Analysis (SCA).
  • Functional understanding of tooling integrations that support agile, CI/CD, and DevSecOps methodologies
  • Strong knowledge of software security risks and threats (such as OWASP top 10)
  • Experience with threat modeling, software composition analysis, and vulnerability disclosure programs
  • Strong understanding of development methodologies, particularly Agile and DevOps.
  • Able to explain impact of vulnerabilities and mitigating strategies to application development teams as well as work with the SOC on discovery and remediation.
  • Able to work independently with minimal guidance and act as coach to other team members as necessary.
  • Experience leading through influence
  • Communication experience, interpersonal experience, and experience working cross-functionally with various teams

CAREER DEVELOPMENT:

It’s not just a job, it’s a career, and we are here to support you every step of the way. We want you to be successful and fulfilled. Through on-the-job experiences, personalized coaching and our robust learning and development programs, we encourage you – at every level – to grow and develop.

COMPENSATION:
The base pay range provided at the bottom of the posting is primarily based on similar roles in the external market. Actual pay may vary based on factors including but not limited to experience, unique skills, performance, and geographic location. Base pay is just one component of The Hanover’s total compensation package. Other rewards may include short and long-term incentives as well as a comprehensive suite of benefits highlighted below. 

 

BENEFITS:

We offer comprehensive benefits to help you be healthy, build financial security, and balance work and home life. At The Hanover, you’ll enjoy what you do and have the support you need to succeed.

 

Benefits include:

  • Medical, dental, vision, life, and disability insurance
  • 401K with a company match
  • Tuition reimbursement
  • PTO
  • Company paid holidays
  • Flexible work arrangements
  • Cultural Awareness Day in support of IDE
  • On-site medical/wellness center (Worcester only)

 

Vaccination Status:

Hanover has enacted policies and protocols throughout the COVID-19 pandemic to promote employee health and safety. To that end, all employees are expected to provide true and accurate information regarding their vaccine status, and when requested, employees are expected to provide proof of such status. Hanover recognizes employee privacy concerns and only provides vaccine status information on a need-to-know basis. The Hanover complies with all federal, state and local laws, and with respect to such laws related to COVID-19 health and safety, it is typical for there to be a distinction in compliance obligations between vaccinated and unvaccinated individuals. Therefore, various Hanover policies and requirements are connected to vaccine status, including but not limited to, the company’s Facial Coverings and Social Distancing policy. Employees declining to provide information related to their vaccine status will be considered unvaccinated or not fully vaccinated for the purposes of The Hanover’s COVID-19 health and safety policies and protocols.

Please be advised that while Hanover does not expect to institute a vaccine mandate at this time, Hanover encourages employees to get vaccinated and boosted, and provides paid time off to both obtain and recover from the vaccine(s) and booster(s).

 

EEO statement:

The Hanover values diversity in the workplace and among our customers.  The company provides equal opportunity for employment and promotion to all qualified employees and applicants on the basis of experience, training, education, and ability to do the available work without regard to race, religion, color, age, sex/gender, sexual orientation, national origin, gender identity, disability, marital status, veteran status, genetic information, ancestry or any other status protected by law.  

Furthermore, The Hanover Insurance Group is committed to providing an equal opportunity workplace that is free of discrimination and harassment based on national origin, race, color, religion, gender, ancestry, age, sexual orientation, gender identity, disability, marital status, veteran status, genetic information or any other status protected by law.

As an equal opportunity employer, Hanover does not discriminate against qualified individuals with disabilities.  Individuals with disabilities who wish to request a reasonable accommodation to participate in the job application or interview process, or to perform essential job functions, should contact us at:
HRServices@hanover.com and include the link of the job posting in which you are interested.

 


Other details

  • Job Function Information Technology
  • Pay Type Salary
  • Min Hiring Rate $90,000.00
  • Max Hiring Rate $135,000.00
  • Required Education Bachelor’s Degree
  • Worcester, MA, USA
  • Virtual