Application and Data Security Principal

Who we Are

Oncourse Home Solutions (OHS) is a people-centric, $450M organization that is owned by private equity firm, Apax Partners operating under the brands American Water Resources, Pivotal Home Solutions and American Home Solutions. We do what is right for our people so they can do their best when serving our 1.8+ million customers across the U.S. Our mission is to create lasting value for our customers and our partners by helping homeowners navigate the unexpected, reduce costs, and make homeownership enjoyable for all. Our vision is to make our products and services accessible to our customers and our partners by becoming the most trusted and reliable home solutions organization in the market. We are committed to fostering an environment that embraces diversity in all forms, where our employees, customers and partners feel valued, respected, and supported.

As a US-based warranty provider, we provide expertise in safety and homecare to our customers. Our integrated solutions meet customer needs both inside and outside the home. Inside the home we protect critical aspects of home function such as plumbing, heating and cooling, appliances, power surges, hot water heater, and interior electrical. Outside the home we provide protection for critical lines (water, gas, wells, sewers, electric and septic). We primarily go to market B2B2C, partnering mostly with water/gas/electric utilities and municipalities to offer our product leveraging their brand for marketing and often adding our subscription fee to the water/gas/electric bill itself. When our customers need help with home maintenance, repair, or coverage, OHS is there. This is what it means to be an 'Oncourse SUPER'-Successful, United, Progressive, Empathetic, Reliable. SUPERs get it done. We sweat homeownership so our customers and partners don't have to.

As an equal opportunity employer, our employment decisions are based on business needs, job requirements and individual qualifications without regard to race, color, religion, age, sex (including pregnancy), sexual orientation, gender identity, national origin, ancestry, marital status, parental status, mental or physical disability, military or veteran status, or any other basis protected by federal, state, or local law. Oncourse Home Solutions is committed to recruiting and retaining talented applicants and to providing all employees with a workplace free from discrimination and/or harassment.

Position Summary

The Application & Data Security Principal role is pivotal in bridging the current security gaps and embedding security into every aspect of the technology lifecycle at OHS. This role collaborates with various teams to integrate security into applications and platforms, ensuring the safe deployment and operation of in-house-built solutions. With expertise in identity and access management, data security, threat modeling, and the secure software development lifecycle, the engineer ensures that security controls are seamlessly integrated throughout the application development process. Additionally, the role leads efforts in API security, conducts security assessments for AI systems, and continuously improves security tools and processes to address evolving threats.

Our office environment is a key driver of our company culture and employee experience, so a regular in-office hybrid model (generally T-TH in office and M&F remote) is required.

Responsibilities include but are not limited to:
•  Develop, manage, and enforce data protection controls to ensure data security is always maintained.
•  Conduct threat modeling for complex applications and platforms
•  Secure code reviews, vulnerability assessments, application security standards and guidelines
•  Deploy, manage, operate RASP, SAST, DAST, WAF, IAST
•  Develop and implement Security measures for AI systems and initiatives
•  Establish API Security Frameworks, standards, and API Security management
•  Develop and manage application & data threat modeling and lead Secure SDLC efforts including standards
•  Define Identity and access controls with regards to applications, platforms and data
•  Update and maintain relevant standards and frameworks to ensure continued safeguarding company assets including sensitive data
•  Familiarity with PCI-DSS requirement and e-commerce security requirements and establish standards to secure e-commerce platform
•  Familiarity with authentication & authorization technologies sus as OAuth, SAML, JWT, federation and drive standards for consumer platforms in alignment with business requirements We are Excited if this is You

Experience and Qualifications of the Role
•  Minimum 10+ years of experience with technology and at least 7-years in Information Security within cloud-native or SaaS technology environments
•  Experience conducting threat hunting, threat modeling in cloud platforms such as AWS, Azure, Oracle, Salesforce, Snowflake and container environments
•  Relevant certifications such as CSSLP, GWEB, GWPAT, and AWS/GCP/Azure Security certifications are desirable.
•  Working experience performing security architecture review, code review, and building security requirements for the introduction of new technologies in a multi-cloud environment including SaaS applications.
•  Working experience leveraging and customizing native & 3rd party security tools to secure multi-cloud environments
•  Hands-on experience working in multi-cloud environment with an understanding of cloud technology components such as networking, segmentation, virtualization, encryption, secrets & key management, serverless, container, Kubernetes and IaC
•  Hands-on experience with cloud/infrastructure traffic analysis, anomaly detection, Web Application Firewall (WAF), RASP, IAM and security automation.
•  Familiarity with security concepts such as secure-by-design, application architecture, Authentication (SSO, SAML, Azure AD), Perimeter security, Micro-segmentation and Zero-Trust.
•  Hands-on experience with Policy as Code (PaC) using coding languages such as Python, Go, JavaScript, or YAML.
•  Hands-on experience with security testing tools such SCA, SAST, DAST and Website analysis
•  Extensive experience writing technical and business-friendly security documentation.
•  Strong analytical, problem-solving, and communication skills. Ability to work collaboratively in a dynamic environment and manage tasks with attention to details.
•  Experience working with developers, product managers, and having some eCommerce experience
•  Experience with Node.js, JavaScript, TypeScript, Python, and .NET Computer Skills Needed to Perform the Job
•  Proficiency in Microsoft O365
•  Strong Excel Skills
•  Strong PowerPoint / Presentation skills Education

Bachelor's degree in computer science, Cybersecurity, or comparable technical experience

Certificates, Licenses, Registrations

CISSP, CSSLP, GWEB, GWAPT or other relevant security certification and experience are desired.

We offer a compelling total rewards package that includes a competitive base salary and comprehensive benefits to support your total wellbeing. The base pay range for this position is $140,000 - $185,000 USD Annual. The specific pay offered will depend on qualifications, experience, education and skill set. The compensation offered may also include an annual performance-based bonus, sales incentive plan or commission target.

Our benefits include, but are not limited to, healthcare, life insurance, paid time off, retirement, commuter benefits, and education reimbursement. Exact compensation may vary based on skills, experience, and location.

Join our SUPER Team and Enjoy Amazing Benefits.
•  Competitive Compensation: We value your hard work and are proud of our competitive pay for performance philosophy.
•  Comprehensive Health Coverage: Medical, dental, and vision insurance options, plus paid short-term and long-term disability coverage.
•  401(k) Plan with 4% Company Match: Secure your future with our robust retirement plan.
•  Defined Contribution Arrangement: 5.25% of employee annual income contributed to your retirement plan, yearly up to 7,875 dollars.
•  Generous Paid Time Off: Take the time you need to recharge and relax.
•  Education Assistance Program: Invest in your growth and development with our support.
•  FSA/HSA Options: Flexible spending and health savings accounts to manage your transportation and dependent care expenses.
•  Employee Wellness: Access to EAP, health, legal, and financial resources to support your overall well-being.
•  Vibrant Company Culture: Monthly Townhalls, employee recognition programs, and Employee Business Resource Groups (EBRGs) to keep you engaged and connected. Competencies

Action Oriented - Enjoys working hard; is action oriented and full of energy for the things that he/she sees as challenging; not fearful of acting with a minimum of planning; seizes more opportunities than others.

Communicate Effectively - Is able to clearly and succinctly communicate verbally and in writing in a variety of settings and styles; can get messages across that have the desired effect.

Customer Focus . click apply for full job details