Assured is on a mission to modernize insurance by providing large insurers with software solutions to enhance claims processing. They are seeking a Staff Security Engineer to scale and mature security across their platform, partnering with engineering, infrastructure, and product teams to embed security in their software development processes.
Responsibilities:
- Lead security architecture and design reviews across applications, infrastructure, and integrations to ensure secure patterns are embedded early in the development lifecycle
- Conduct and coordinate penetration testing, threat modeling, and security reviews for critical services, new features, and third-party integrations
- Design and implement security automation within CI/CD pipelines to ensure secure coding practices and infrastructure policies are enforced at scale
- Partner with infrastructure and DevOps teams to secure cloud platforms (AWS) and improve identity, network, and workload security
- Build security observability and detection capabilities, including security data pipelines, SIEM integrations, and threat intelligence signals
- Think like an attacker—identify systemic weaknesses and design controls that protect against entire classes of attacks, not just individual vulnerabilities
- Work closely with developers to improve security practices through secure architecture guidance, code review support, and developer enablement
- Lead incident response investigations and help build processes for identifying, analyzing, and mitigating security incidents
- Own and evolve the bug bounty program, including triage, response processes, and improvements to vulnerability management workflows
- Develop security standards, playbooks, and training programs that make security practices easier for engineering teams to adopt
- Help define the security roadmap, identifying initiatives that improve both risk posture and operational efficiency
Requirements:
- Deep understanding of application security, cloud security, and modern threat landscapes, including common vulnerabilities and attack techniques (OWASP Top 10, MITRE ATT&CK, etc.)
- Strong software engineering background with experience writing production-grade code or automation (Python, TypeScript, or similar)
- Hands-on experience securing cloud-native infrastructure, especially AWS, including IAM, networking, and containerized workloads
- Experience building or integrating DevSecOps pipelines, including SAST, DAST, IaC scanning, and container security tooling
- Experience designing security telemetry pipelines using tools such as SIEM platforms, observability systems, or data lakes
- Experience running or participating in penetration testing, threat modeling, or architectural security reviews
- Proven ability to collaborate effectively with engineering, DevOps, and product teams to drive secure design decisions
- Excellent communication skills and the ability to clearly explain complex security risks and trade-offs to both technical and non-technical stakeholders
- Strong understanding of SaaS architectures, distributed systems, and internet-facing platforms
- Experience developing security frameworks aligned with CIS benchmarks, NIST, or SOC 2 / PCI / HIPAA compliance requirements
- Experience building security detections, threat intelligence pipelines, or runtime protection mechanisms
- Hands-on experience with Kubernetes, container security, and infrastructure-as-code (Terraform, Ansible)