This job is expired.
Full Job Description
A #remote contractor-position for an AppSec Engineer is open at CSAA Insurance Group!
CSAA Insurance Group, a AAA insurer, offers automobile, homeowners and other personal lines of insurance to AAA Members through AAA clubs in 23 states and the District of Columbia.
Founded in 1914, we have been rated "A" or better by A.M. Best for more than 90 years and are one of the top personal lines property casualty insurance groups in the United States, according to the National Association of Insurance Commissioners.
Benefit options available depending on contract factors and upon meeting requirements.
Duties
• Review detected vulnerabilities, filtering false-positive results and assisting developers as questions arise from findings
• Advocate for OWASP Application Security Verification Standard (ASVS) as an internal standard
• Support standards compliance in secure system development, support, assessment, remediation, and configuration/change management
• Conduct security assessments on application code and applications for security flaws, identify potential areas of improvement and provide actionable recommendations to developers.
• Collaborate with cross-functional teams to ensure that security best practices are incorporated into the design and architecture of our applications.
• Keep abreast of the latest security trends, vulnerabilities, and attack vectors and proactively identify potential risks to our applications.
• Proven experience with cloud security posture management and runtime protection
• Conduct continuous cloud security testing
• Hands-on experience with cloud native application protection in AWS, Azure and/or GCP
• Experience performing threat modeling with application teams
Skills
• Proficiency with application security testing technologies such as SAST, DAST, SCA, IaC, IAST, RASP, Container Image Scanning, etc.
• Knowledge of common security vulnerabilities and best practices for remediation.
• Experience with security assessment tools such as static analysis tools, dynamic scanners and open-source library scanners.
• Awareness of application security across multiple verticals such as cloud/service provider, security provider, mobile, appliance
• Experience with source code management and AppSec testing tools
• Understanding of CI/CD Automation
• Familiarity with secure coding standards and practices, such as OWASP Top 10, OWASP Top 10 API.
• Familiar with building repeatable and automated security test suites
• Experience in application security, secure coding, vulnerability assessment and remediation.
• Understanding of web application architecture, including frameworks, APIs, and protocols.
• Proficiency in programming languages commonly used in application development, such as Java, C#, Python, or JavaScript.
• Knowledge of key security configurations for services such as EC2, S3, RDS and EKS
• Strong customer service skills
Education
• Cloud certifications such as AWS Certified Security - Specialty certification is a plus
• Bachelor's degree in Computer Science, Information Security or a related field.
Tundra Technical Solutions (the operator of this Talent Community) is a global leader of contingent talent services. Our success and our clients' success are built on a foundation of service excellence. We are an equal opportunity employer, and we do not discriminate on the basis of race, religion, color, national origin, sex, sexual orientation, age, veteran status, disability, genetic information, or other applicable legally protected characteristic. Qualified applicants with arrest or conviction records will be considered for employment in accordance with applicable law, including the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act. Unincorporated LA County workers: we reasonably believe that criminal history may have a direct, adverse and negative relationship with the following job duties, potentially resulting in the withdrawal of a conditional offer of employment: client provided property, including hardware (both of which may include data) entrusted to you from theft, loss or damage; return all portable client computer hardware in your possession (including the data contained therein) upon completion of the assignment, and; maintain the confidentiality of client proprietary, confidential, or non-public information. In addition, job duties require access to secure and protected client information technology systems and related data security obligations.
QUALIFICATION/LICENSURE
Work Authorization: Green Card, US Citizen
Preferred years of experience: 5 years
Travel required: No travel required
Shift timings: 8 AM to 5 PM