Application and Data Security Principal
Naperville, Illinois, United States
Full Time Senior-level / Expert USD 140K - 185K
Oncourse Home Solutions
Simplifying home care to bring peace of mind to homeowners. We offer a range of protection plans, covering costs for repairs, maintenance, and improvements.
Who We Are
Oncourse Home Solutions (OHS) is a people-centric, $450M organization owned by private equity firm Apax Partners, operating under the brands American Water Resources, Pivotal Home Solutions and American Home Solutions. We do what is right for our people so they can do their best when serving our 1.8+ million customers across the U.S. Our mission is to create lasting value for our customers and our partners by helping homeowners navigate the unexpected, reduce costs, and make homeownership enjoyable for all. Our vision is to make our products and services accessible to our customers and our partners by becoming the most trusted and reliable home solutions organization in the market. We are committed to fostering an environment that embraces diversity in all forms, where our employees, customers and partners feel valued, respected, and supported.
As a US-based warranty provider, we provide expertise in safety and homecare to our customers. Our integrated solutions meet customer needs both inside and outside the home. Inside the home we protect critical aspects of home function such as plumbing, heating and cooling, appliances, power surges, hot water heater, and interior electrical. Outside the home we provide protection for critical lines (water, gas, wells, sewers, electric and septic). We primarily go to market B2B2C, partnering mostly with water/gas/electric utilities and municipalities to offer our product leveraging their brand for marketing and often adding our subscription fee to the water/gas/electric bill itself. When our customers need help with home maintenance, repair, or coverage, OHS is there. This is what it means to be an ‘Oncourse SUPER’—Successful, United, Progressive, Empathetic, Reliable. SUPERs get it done. We sweat homeownership so our customers and partners don’t have to.
As an equal opportunity employer, our employment decisions are based on business needs, job requirements and individual qualifications without regard to race, color, religion, age, sex (including pregnancy), sexual orientation, gender identity, national origin, ancestry, marital status, parental status, mental or physical disability, military or veteran status, or any other basis protected by federal, state, or local law. Oncourse Home Solutions is committed to recruiting and retaining talented applicants and to providing all employees with a workplace free from discrimination and/or harassment.
Position Summary:
The Application & Data Security Principal role is pivotal in bridging the current security gaps and embedding security into every aspect of the technology lifecycle at OHS. This role collaborates with various teams to integrate security into applications and platforms, ensuring the safe deployment and operation of in-house-built solutions. With expertise in identity and access management, data security, threat modeling, and the secure software development lifecycle, the engineer ensures that security controls are seamlessly integrated throughout the application development process. Additionally, the role leads efforts in API security, conducts security assessments for AI systems, and continuously improves security tools and processes to address evolving threats.
Our office environment is a key driver of our company culture and employee experience, so a regular in-office hybrid model (generally T-TH in office and M&F remote) is required.
Responsibilities include but are not limited to:
- Develop, manage, and enforce data protection controls to ensure data security is always maintained.
- Conduct threat modeling for complex applications and platforms
- Secure code reviews, vulnerability assessments, application security standards and guidelines
- Deploy, manage, operate RASP, SAST, DAST, WAF, IAST
- Develop and implement security measures for AI systems and initiatives
- Establish API Security Frameworks, standards, and API Security management
- Develop and manage application & data threat modeling and lead Secure SDLC efforts including standards
- Define Identity and access controls with regards to applications, platforms and data
- Update and maintain relevant standards and frameworks to ensure continued safeguarding of company assets, including sensitive data
- Familiarity with PCI-DSS requirements and e-commerce security requirements, and establish standards to secure the e-commerce platform
- Familiarity with authentication & authorization technologies such as OAuth, SAML, JWT, and federation, and drive standards for consumer platforms in alignment with business requirements
We are Excited if this is You
Experience and Qualifications of the Role
- Minimum 10+ years of experience with technology and at least 7 years in Information Security within cloud-native or SaaS technology environments
- Experience conducting threat hunting and threat modeling in cloud platforms such as AWS, Azure, Oracle, Salesforce, Snowflake and container environments
- Relevant certifications such as CSSLP, GWEB, GWAPT, and AWS/GCP/Azure Security certifications are desirable.
- Working experience performing security architecture review, code review, and building security requirements for the introduction of new technologies in a multi-cloud environment including SaaS applications.
- Working experience leveraging and customizing native & 3rd party security tools to secure multi-cloud environments
- Hands-on experience working in multi-cloud environment with an understanding of cloud technology components such as networking, segmentation, virtualization, encryption, secrets & key management, serverless, container, Kubernetes and IaC
- Hands-on experience with cloud/infrastructure traffic analysis, anomaly detection, Web Application Firewall (WAF), RASP, IAM and security automation.
- Familiarity with security concepts such as secure-by-design, application architecture, Authentication (SSO, SAML, Azure AD), Perimeter security, Micro-segmentation and Zero-Trust.
- Hands-on experience with Policy as Code (PaC) using coding languages such as Python, Go, JavaScript, or YAML.
- Hands-on experience with security testing tools such as SCA, SAST, DAST and website analysis
- Extensive experience writing technical and business-friendly security documentation.
- Strong analytical, problem-solving, and communication skills. Ability to work collaboratively in a dynamic environment and manage tasks with attention to detail.
- Experience working with developers and product managers, plus some eCommerce experience
- Experience with Node.js, JavaScript, TypeScript, Python, and .NET
Computer Skills Needed to Perform the Job
- Proficiency in Microsoft O365
- Strong Excel Skills
- Strong PowerPoint / Presentation skills
Education
Bachelor’s degree in computer science, Cybersecurity, or comparable technical experience
Certificates, Licenses, Registrations
CISSP, CSSLP, GWEB, GWAPT or other relevant security certification and experience are desired.
We offer a compelling total rewards package that includes a competitive base salary and comprehensive benefits to support your total wellbeing. The base pay range for this position is $140,000 - $185,000 USD Annual. The specific pay offered will depend on qualifications, experience, education and skill set. The compensation offered may also include an annual performance-based bonus, sales incentive plan or commission target.
Our benefits include, but are not limited to, healthcare, life insurance, paid time off, retirement, commuter benefits, and education reimbursement. Exact compensation may vary based on skills, experience, and location.
Join our SUPER Team and Enjoy Amazing Benefits!
- Competitive Compensation: We value your hard work and are proud of our competitive pay for performance philosophy.
- Comprehensive Health Coverage: Medical, dental, and vision insurance options, plus paid short-term and long-term disability coverage.
- 401(k) Plan with 4% Company Match: Secure your future with our robust retirement plan.
- Defined Contribution Arrangement: 5.25% of employee annual income contributed to your retirement plan, yearly up to 7,875 dollars.
- Generous Paid Time Off: Take the time you need to recharge and relax.
- Education Assistance Program: Invest in your growth and development with our support.
- FSA/HSA Options: Flexible spending and health savings accounts to manage your transportation and dependent care expenses.
- Employee Wellness: Access to EAP, health, legal, and financial resources to support your overall well-being.
- Vibrant Company Culture: Monthly Townhalls, employee recognition programs, and Employee Business Resource Groups (EBRGs) to keep you engaged and connected.
Action Oriented - Enjoys working hard; is action oriented and full of energy for the things that he/she sees as challenging; not fearful of acting with a minimum of planning; seizes more opportunities than others.
Communicate Effectively - Is able to clearly and succinctly communicate verbally and in writing in a variety of settings and styles; can get messages across that have the desired effect.
Customer Focus - Is dedicated to meeting the expectations and requirements of internal and external customers; gets firsthand customer information and uses it for improvements in products and services; acts with customers in mind; establishes and maintains effective relationships with customers and gains their trust and respect.
Decision Quality - Makes good decisions (without considering how much time it takes) based upon a mixture of analysis, wisdom, experience, and judgment; most of his/her solutions and suggestions turn out to be correct and accurate when judged over time; sought out by others for advice and solutions.
Integrity and Trust - Is widely trusted; is seen as a direct, truthful individual; can present the unvarnished truth in an appropriate and helpful manner; keeps confidences; admits mistakes; doesn't misrepresent him/herself for personal gain.
Planning - Accurately scopes out length and difficulty of tasks and projects; sets objectives and goals; breaks down work into the process steps; develops schedules and task/people assignments; anticipates and adjusts for problems and roadblocks; measures performance against goals; evaluates results.
Problem Solving - Is tolerant with people and processes; listens and checks before acting; tries to understand the people and the data before making judgments and acting; waits for others to catch up before acting; sensitive to due process and proper pacing; follows established process.
Time Management - Uses his/her time effectively and efficiently; values time; concentrates his/her efforts on the more important priorities; gets more done in less time than others; can attend to a broader range of activities.
Tags: APIs Application security Automation AWS Azure CISSP Cloud Computer Science CSSLP DAST E-commerce Ecommerce Encryption Firewalls GCP GWAPT IAM IAST JavaScript Kubernetes Node.js Oracle Python SaaS SAML SAST SDLC Security assessment Snowflake SSO TypeScript
Perks/benefits: 401(k) matching Career development Competitive pay Equity / stock options Flex hours Flex vacation Gear Health care Home office stipend Insurance Salary bonus Team events Wellness