Security Engineer, Application

As a Security Engineer, Application you will be responsible for developing and growing a risk-based Application Security program to reduce operational risk through secure development practices and advance Hagerty’s overall cyber security program.  You must like work in multi-disciplined team and with other sharp engineers in a success-oriented, fast-paced, and dynamic environment. In this role you will provide expert technical guidance and hands-on validation of security controls in all areas of the secure software development life cycle (SSDLC) and service-oriented architecture through the modeling, planning, deployment, and use of world-class application security solutions.

Ready to get in the driver’s seat? Join us!

What you’ll do 

• Design, deploy, and maintain a wide range of security controls. 
• Collaborate with engineers, consultants, and leadership to address security risks and provide mitigation recommendations within the Secure Software Development Life Cycle (SSDLC).  
• Lead the creation of secure coding practices and standards.  
• Perform security architecture and design reviews of all systems and applications developed by Hagerty teams.  
• Perform validation of security controls to ensure adherence with compliance and industry best practices.  
• Determine the impact and provide guidance on emerging programming methods, technologies, and industry trends as they apply to Hagerty’s security posture.   
• Understand, communicate, and balance business risk with security risk.  
• Ability to understand business requirements and apply security controls without adversely affecting the desired functionality.  
• High level of personal integrity, with the ability to professionally handle confidential matters, and reflect appropriate level of judgment as it pertains to security.  
• Communicate with engineers, consultants, and leadership to coordinate and deliver security objectives.   
• Determine gaps in cyber security tooling and work with engineering teams to get needed tools deployed and maintained. For example, SAST / DAST tools.  
• Participate in the on-call rotation. 

This might describe you 

• Bachelor s degree in Computer Science, Information Security/Cyber Security or equivalent.  
• 3+ years’ experience in information security.  
• 2+ years’ experience working within software development.  
• Excellent written and oral communication skills and interpersonal skills including the ability to articulate to technical and non-technical audiences.  
• Firm understanding of enterprise class application architectures that are highly scalable, reliable, and the ability to secure them.  
• Experience of security architecture and design reviews.  
• Experience with multiple languages such as .NET, Python, and Java etc. and understand how to detect and remedy related security issues such as OWASP Top 10.  
• Deep technical understanding of how cyber-attacks are carried out and how they can be disrupted.  
• Ability to work independently with minimal direction; self-starter/self-motivated.  

Desired Experience  

• Excellent analytical, evaluative, and problem-solving abilities.  
• Experience with securing host, database, and application solutions for multi-tier systems.  
• Experience with AWS and serverless software technologies.  
• Experience with Agile and project management tools like Azure DevOps.  
• Experience with DevOps pipelines and deployment processes.   
• Technical certifications within information security are a plus (CISSP, CCSP, GIAC or equivalents).  

Other things to note

This position can be worked as remote position within the United States.

Familiarity with public company requirements, including Sarbanes Oxley and key regulations, if applicable. For SOX compliant roles, responsible for designing, executing, and documenting internal controls where they have been identified as owners to prevent errors in financial reporting, processes, and business operations. Including attestation to the completeness, accuracy, and compliance of all financial reporting data, where applicable.

Say hello to Hagerty

Hagerty is an automotive enthusiast brand and the world’s largest membership organization for car lovers. Along with being a best-in-class provider of specialty insurance for enthusiasts, Hagerty is also home to the Hagerty Drivers Foundation, Garage + Social, Hagerty Drivers Club, MotorsportReg and so much more. Committed to saving driving for future generations, each and every thing Hagerty does is dedicated to the love of the automobile.

Hagerty is a rapidly growing company that values a winning culture. We provide meaningful work for, and invest in, every single team member.

At Hagerty, we share the road. We are an inclusive automotive community where all are welcomed, valued and belong regardless of race, gender, age or car preference.  We are united by our shared passion for driving, our commitment to preserve car culture for future generations and our desire to make a positive impact in the world.

If you reside in the following jurisdictions: Illinois, Colorado, California, Washington, New York, or Jersey City, New Jersey, British Columbia, Canada please email recruiting@hagerty.com for compensation, comprehensive benefits and the perks that set us apart.

#LI-Remote

EEO/AA