Application Security Architect
Kfar Saba, Israel
Next Insurance
Protect your small business with NEXT Insurance. Fast quotes. Instant coverage with competitive rates. Totally tailored for 1,300+ professions.
Location: Kfar Sava, IL (hybrid)
NEXT’s mission is to help entrepreneurs thrive. We’re doing that by building the only technology-led, full-stack provider of small business insurance in the industry, taking on the entire value chain and transforming the customer experience.
Simply put, wherever you find small businesses, you’ll find NEXT.
Since 2016, we’ve helped hundreds of thousands of small business customers across the United States get fast, customized and affordable coverage. We’re backed by industry leaders in insurance and tech, and we still have room to grow — that’s where you come in.
What You’ll Do:
- Define and drive application security strategy, roadmap, and architecture.
- Provide security expertise to engineering teams on secure design and implementation.
- Lead SSDLC processes, ensuring security is integrated at every stage.
- Drive the development and implementation of automated security testing (SAST, DAST, IAST, SCA, fuzzing).
- Conduct security design reviews, threat modeling, and application risk assessments.
- Provide vulnerability remediation guidance and mentor engineering teams.
- Develop initiatives to proactively discover security defects.
- Manage and enhance our bug bounty program.
- Integrate security into CI/CD pipelines and development workflows.
- Communicate security risks and recommendations to stakeholders.
- Champion modern application security practices (DevSecOps, IaC security, cloud-native security).
What We Need:
- 6+ years of experience in application security, with a focus on security architecture.
- 5+ years of experience in a cloud or SaaS-based production environment (AWS, Azure, GCP).
- Deep understanding of web application security, cloud security, and modern application architectures.
- Expertise in security design review, threat modeling, and application risk assessment.
- In-depth knowledge of OWASP Top 10, CWE, and relevant security standards.
- Proven experience implementing security controls in software build and CI/CD pipelines.
- Strong understanding of authentication and authorization protocols (OAuth, OpenID Connect, SAML).
- Hands-on experience with application security testing tools (SAST, DAST, IAST, SCA, fuzzing).
- Proficiency in a general-purpose programming language (e.g., Python, Java, Go).
- Experience with container security (Docker, Kubernetes) and infrastructure as code (e.g., Terraform).
- Strong leadership, communication, and collaboration skills.
Preferred Qualifications:
- Security certifications (e.g., CISSP, CSSLP, OSCP, GWEB).
- Experience with DevSecOps methodologies.
- Contributions to the security community.
Don’t meet every single requirement? Studies have shown that some underrepresented people are less likely to apply to jobs unless they meet every single qualification. At NEXT, we are dedicated to building a diverse, inclusive and respectful workplace, so if you’re excited about this role but your past experience doesn’t align perfectly with every qualification in the job description, we encourage you to apply anyways. You may be just the right candidate for this or other roles.
One of our core values is 'Play as a Team'; this means making sure everyone has an equal chance to participate and make a difference. We win by playing together. Next Insurance is an equal opportunity employer and prioritizes building a diverse and inclusive workplace. We provide equal employment opportunities to all employees and applicants of any type and do not discriminate based on race, color, religion, national origin, gender, age, sexual orientation, physical or mental disability, genetic information or characteristic, gender identity and expression, veteran status, or other non-job-related characteristics or other prohibited grounds specified in applicable federal, state, and local laws. Next's policy is to comply with all applicable laws related to nondiscrimination and equal opportunity and will not tolerate discrimination or harassment based on any of these characteristics. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.