Old Republic is a leading specialty insurer that operates diverse property & casualty and title insurance companies. The Security Engineer will play a key role in improving the organization’s overall security posture across cloud environments, applications, and enterprise platforms, collaborating with various teams to design secure systems and implement security controls.
Responsibilities:
- Drive security standards, best practices, and tool strategies across cloud platforms, applications, and enterprise systems
- Partner with engineering and architecture teams to design secure systems and applications from the ground up
- Perform security architecture reviews, threat modeling, and design consulting for new and existing systems
- Support both application security and cloud security initiatives, including secure coding, infrastructure security, and identity controls
- Assess current security posture across applications and cloud environments and recommend actionable remediation strategies
- Design and implement solutions for vulnerability management, including scanning of applications, operating systems, containers, APIs, and infrastructure-as-code (IaC)
- Analyze findings from security tools and penetration tests; partner with teams to prioritize and remediate risks
- Support and perform penetration testing and security assessments across applications and cloud environments
- Develop and apply security controls that protect applications, cloud workloads, identities, APIs, and data
- Integrate security into CI/CD pipelines and engineering workflows to enable secure-by-default development practices
- Build automations to detect misconfigurations, enforce security standards, and improve operational efficiency
- Serve as a subject matter expert across multiple security domains, including cloud, application, and emerging areas such as AI security
- Provide consulting and guidance to product, engineering, and business teams in a clear, actionable manner
- Collaborate with governance, risk, and compliance teams to align engineering controls with organizational requirements
- Support the broader Security Engineering team with development and optimization of security tooling and processes
- Stay current on emerging threats, vulnerabilities, and technologies, and recommend improvements to the security program
Requirements:
- 3–6 years of experience in cybersecurity, security engineering, application security, or cloud security roles
- Bachelor's degree in computer science, Information Systems, or a related field (or equivalent practical experience)
- Experience with at least one major cloud platform (AWS, Azure, or GCP) in a production environment
- Experience in application security practices, such as secure code review, threat modeling, or SAST/DAST tools
- Understanding of secure system design principles, including authentication/authorization, data protection, and service-to-service communication
- Familiarity with cloud and application security tooling (e.g., CNAPP/CSPM, SAST, DAST, container security, secrets management)
- Experience performing or supporting penetration testing and vulnerability assessments
- Knowledge of modern architectures, including microservices, APIs, containers, and serverless technologies
- Experience integrating security into CI/CD pipelines and developer workflows
- Proficiency in scripting or programming for automation (e.g., Python, PowerShell, or similar)
- Strong understanding of security risks and mitigation strategies across both application and infrastructure layers
- Demonstrated ability to collaborate cross-functionally and influence secure design decisions
- Excellent communication skills, including the ability to translate technical risks into business-friendly language