Application Security Engineer II

Who Are We?

Taking care of our customers, our communities and each other. That’s the Travelers Promise. By honoring this commitment, we have maintained our reputation as one of the best property casualty insurers in the industry for over 160 years. Join us to discover a culture that is rooted in innovation and thrives on collaboration. Imagine loving what you do and where you do it.

Job Category

Technology

Compensation Overview

The annual base salary range provided for this position is a nationwide market range and represents a broad range of salaries for this role across the country. The actual salary for this position will be determined by a number of factors, including the scope, complexity and location of the role; the skills, education, training, credentials and experience of the candidate; and other conditions of employment. As part of our comprehensive compensation and benefits program, employees are also eligible for performance-based cash incentive awards.

Salary Range

$107,500.00 - $177,400.00

Target Openings

1

What Is the Opportunity?

Travelers is seeking an Application Security Engineer II to join our organization as we grow and transform our Technology landscape. Individual will complete advanced end to end security engineering tasks for specific system including security research, application security testing, interpretation of vulnerability scan results, threat modeling code reviews, and will provide defensive coding techniques consulting. Works with circle leads in a Value Stream on security and performs Application Security testing for Value Stream. Provides guidance on testing to Application Security Engineer I. Performs application architecture security reviews. Partners with Cybersecurity and Enterprise Security Engineering on testing and remediation of vulnerabilities and implementation of Cybersecurity patterns.

What Will You Do?

• Support the development of a container image security strategy to include supply chain risk initiatives.
• Support the container image security strategy implementation and integration with DevOps pipelines.
• Promote a culture around secure container development.
• Perform security research, application security testing, interpretation of vulnerability scan results, threat modeling code reviews and advise on defensive coding techniques with a high degree of accuracy and speed, operating as an individual contributor to team goals.
• Work independently to tackle well-scoped and loosely scoped problems.
• Seek opportunities to expand technical knowledge and capabilities.
• Provide technical guidance and mentorship to less experienced employees.
• Perform other duties as assigned.

What Will Our Ideal Candidate Have?

• Bachelor's degree plus four years of modern application development or  application security experience.
• Moderate experience with development in AWS
• Moderate knowledge and understanding of container security and related risks.
• Moderate knowledge and experience with build (CI/CD) pipeline technologies such as GitHub Actions, Jenkins, and/or GitLab CI/CD.
• Experience with container image hardening and base image management.
• Experience building infrastructure as code (IaC) and/or analyzing IaC against misconfigurations taking a secure by design approach.
• Experience with integrating and managing tools involving SAST, SCA, and Secrets scanning capabilities.
• Familiarity of microservices architecture and design patterns.
• Delivery - Intermediate delivery skills including the ability to estimate accurate timelines for tasks and deliver work at a steady, predictable pace to achieve commitments, contribute to the software design strategy and methodologies used to best meet the system requirements, consider and build for many different use cases, avoid over engineering, and ensure automation, deliver complete solutions but release them in small batches, and identify important tradeoffs and negotiate them.
• Domain Expertise - Demonstrated track record of domain expertise including understanding technical concepts necessary to do the job effectively and aware of industry trends, demonstrate willingness, cooperation, and concern for business issues and priorities, and possess in depth knowledge of immediate systems worked on and some knowledge of adjacent systems.
• Problem Solving - Strong problem solver who ensures solutions are built for the long term, is able to resolve new issues, recognizes mistakes using them as learning and teaching opportunities and consistently breaks down large problems into smaller, more manageable ones.
• Communication - Strong communicator who possesses the ability to articulate information clearly and concisely with the business, document work in a clear, easy to follow manner, collaborate well with team members as both a mentor and mentee, take in vague requirements and ask the right questions to ensure clarification, offer feedback appropriately and effectively, seek out and receives constructive criticism well, listen when others are speaking and make space for colleagues to share their thoughts.
• Leadership - Intermediate leadership skills with the ability to help create a safe environment for others to learn and grow as engineers and a proven track record of self-motivation in identifying opportunities and tracking team efforts.

What is a Must Have?

• Three years of system security experience.

What Is in It for You?

• Health Insurance: Employees and their eligible family members – including spouses, domestic partners, and children – are eligible for coverage from the first day of employment.
• Retirement: Travelers matches your 401(k) contributions dollar-for-dollar up to your first 5% of eligible pay, subject to an annual maximum. If you have student loan debt, you can enroll in the Paying it Forward Savings Program. When you make a payment toward your student loan, Travelers will make an annual contribution into your 401(k) account. You are also eligible for a Pension Plan that is 100% funded by Travelers.
• Paid Time Off: Start your career at Travelers with a minimum of 20 days Paid Time Off annually, plus nine paid company Holidays.
• Wellness Program: The Travelers wellness program is comprised of tools, discounts and resources that empower you to achieve your wellness goals and caregiving needs. In addition, our mental health program provides access to free professional counseling services, health coaching and other resources to support your daily life needs.
• Volunteer Encouragement: We have a deep commitment to the communities we serve and encourage our employees to get involved. Travelers has a Matching Gift and Volunteer Rewards program that enables you to give back to the charity of your choice.

Employment Practices

Travelers is an equal opportunity employer. We believe that we can deliver the very best products and services when our workforce reflects the diverse customers and communities we serve. We are committed to recruiting, retaining and developing the diverse talent of all of our employees and fostering an inclusive workplace, where we celebrate differences, promote belonging, and work together to deliver extraordinary results. 

In accordance with local law, candidates seeking employment in Colorado are not required to disclose dates of attendance at or graduation from educational institutions.

If you are a candidate and have specific questions regarding the physical requirements of this role, please send us an email so we may assist you.

Travelers reserves the right to fill this position at a level above or below the level included in this posting.

To learn more about our comprehensive benefit programs please visit http://careers.travelers.com/life-at-travelers/benefits/.