Who are we?
A strategic and trusted insurance partner, Berkshire Hathaway Specialty Insurance (BHSI) provides a broad range of commercial property, casualty and specialty insurance coverages and outstanding service to customers and brokers around the world. Part of Berkshire Hathaway’s insurance operations, we bring our solutions to market with our stellar brand name, top-rated balance sheet, and the expertise of our global team of professionals, who exude excellent capabilities and strong character.
We are a values-based organization where respect, integrity, excellence, collaboration, and passion define who we are and how we do business. We value diversity of backgrounds, experience, and perspectives and strive to foster an inclusive environment that enables all our team members to bring their best selves to work. We are one team committed to building a culture where every teammate has the opportunity to contribute and be recognized. Want to be part of the team building the finest property, casualty and specialty lines insurance company in the world?
Berkshire Hathaway Specialty Insurance (BHSI) is looking for a mid-level application security professional with 2-5 years of experience in Application Security to join their Boston, MA security team in the office. As an Information Security team member in the role of an application security analyst, you will be responsible for assessing risk and providing technical guidance to DevOps teams for web applications, UIs and APIs to ensure improvement and maintenance of our security coverage and protection of our data. You will also work collaboratively within our security team as well as across the enterprise to ensure security is at the forefront of application and API development.
Duties & Responsibilities:
- Be a subject matter expert (SME) for application security to development teams, product teams, business analysts, and project managers to ensure that security is baked into their process at all levels.
- Experience with championing design, development, and testing of security requirements leveraging OWASP Top 10 and OWASP API Top 10 standards.
- Assessing dev projects/activities against secure coding principles, helping to provide recommendations and a roadmap for risk, and then following up with management reporting on adherence and residual risk.
- Enhance and own the existing framework and policies associated with application security to ensure alignment with industry best practices, regulatory and compliance requirements, and emerging threats.
- Review findings from DAST, SAST, and IAST and ensure that critical problems are understood, managed, and remediated by development teams prior to releases.
Qualifications, Skills and Experience:
- Between 3 and 5 years’ experience succeeding in application security with Azure and AWS cloud services.
- Have a strong character which includes a ‘security mindset’ in evaluating risk and remediation (tactical and strategic) to support driving business decisions securely.
- Excellent written and verbal communication skills, which translate to the ability to take technical designs, problems, and solutions and articulate them both technically and at a summary management level.
- Experience with working in Secure Software Development Lifecycle frameworks and being able to articulate the value of using them.
- Experience with evaluating, implementing, configuring, and using toolsets to facilitate testing of application security and API security.
- Training, certification, or degrees associated with App Security.
- CISSP, CCIE, CISM, CISA, CCSK, or OSCP certification is a plus.
- A competitive package and exciting growth opportunities for career-oriented teammates.
- A dynamic, action oriented, and thoughtful environment centered on always doing the right thing for our customers, teammates and our other stakeholders.
- A purposely non-bureaucratic organization that embraces simplicity over complexity and emphasizes individual excellence in a team framework.
NOTE: Compensation will be commensurate with experience. This job description is not intended to be all-inclusive. Team Member may perform other related duties as negotiated to meet the ongoing needs of the organization.
Clicking apply will direct you to our recruiting module within ADP.