About SILAC SILAC Insurance Company is one of the fastest-growing insurance companies in the nation and continues to be a top contender in the industry. SILAC offers industry-leading annuity products that help individuals prepare for retirement. Teams can align around a shared vision of providing clean, simple & competitive products for clients, delivering best-in-class service to agents & business partners, and propelling the success of our employees.
With a fast-growing team of more than 300 employees, we are committed to remaining adaptable, innovative, and trustworthy for our clients, agents, and employees.
We hold true to our core values:
- Adaptability & Continuous Improvement
- Transparency & Trust, Honesty & Integrity
- Teamwork & Collaboration
- Gratitude & Compassion
At SILAC Insurance Company, we welcome and encourage diversity and are dedicated to creating an environment and culture that is respectful and inclusive for everyone.
Application Security EngineerDepartment Overview: The Application Security & DevSecOps team at SILAC plays a crucial role in ensuring secure software development practices and protecting applications against emerging threats. By combining application security, vulnerability management, and automation, this team collaborates with developers and IT to create secure, resilient, and high-performing applications that meet business goals while safeguarding sensitive information.
Job Overview: This entry-level role offers the opportunity to build a career in application security and DevSecOps. The Application Security & DevSecOps Analyst will focus on identifying and managing vulnerabilities in SILAC's applications and software environments. As well as work with dedicated development security specialists to prevent security bugs through threat modeling and provide educational support to solutions engineering teams. The role also provides flexibility to assist with DevSecOps responsibilities, including security automation and secure development pipelines. Working under experienced mentors, this position is designed to help you grow into a well-rounded security and DevSecOps professional.
Job Details What you'll do:
Application Security & Vulnerability Management
- Conduct application security assessments and code reviews to identify vulnerabilities.
- Manage vulnerability scans and assist in prioritizing and remediating identified risks.
- Collaborate with development teams to integrate secure coding practices and resolve security issues.
- Support security testing, including SAST, DAST, and open-source dependency scanning.
DevSecOps Support
- Assist in integrating security controls into CI/CD pipelines to automate vulnerability detection.
- Support the implementation of security as code and infrastructure as code practices.
- Collaborate on container security, cloud security posture management, and related initiatives.
Security Tools & Automation
- Gain hands-on experience with tools such as Checkmarx, SonarQube, Team City, BitBucket, OWASP ZAP, and others.
- Assist in scripting and automating security testing and remediation processes.
- Monitor security dashboards and generate actionable reports for stakeholders.
Collaboration & Continuous Learning
- Work closely with the development, DevOps, and security teams to maintain a secure software development lifecycle.
- Pursue ongoing training to gain expertise in application security frameworks and DevSecOps methodologies.
- Contribute to creating and maintaining security policies, guidelines, and documentation.
Job RequirementsRequired:
- Education: Bachelor's degree in Computer Science, Cyber Security, or related field (or equivalent experience).
- Strong interest in application security, DevSecOps, or software development security practices.
- Basic understanding of and experience with programming/scripting languages (e.g., C , Python, JavaScript, Java, or Bash).
- Problem-solving mindset and attention to detail in identifying and addressing risks.
- Strong collaboration and communication skills to work effectively with multiple teams.
Desired:
- Experience with version control systems (e.g., Team City, Bitbucket) and CI/CD pipelines.
- Familiarity with application security frameworks (e.g., OWASP Top Ten) or scanning tools.
- Knowledge of cloud services and security fundamentals (AWS, Azure, or GCP).
- Relevant certifications such as CompTIA Security+, Azure Certified Cloud/DevSecOps, or similar.