Application Security Engineer - Glendale, AZ

    • Glendale, AZ

Application Security Engineer

Are you a highly skilled cybersecurity application security professional that has a passion to secure web and mobile applications? Use your expertise to help us craft the next generation of our application security program. You will work closely with our cybersecurity teams, application development teams, and operations teams conducting security testing, penetration testing, purple teaming, and breach / attack simulation. Help us re-think what it means to be a secure insurance provider delivering capabilities in a fast-changing, highly competitive market.

Your day could include and experience we would like to see:

  • Perform penetration testing and secure code testing activities
  • Provide tactical and strategic guidance and detailed remediation advice aimed at helping clients achieve strong security postures
  • Consult with development teams and provide them with information about application security and secure development lifecycle processes
  • Automated testing in a DevSecOps process (Static Application Security Testing ? SAST, Dynamic Application Security Testing ? DAST, and other technologies as necessary into the overall SSDLC process design.
  • Managed real time application protection software and web application firewalls to provide proactive prevention of known attacks
  • Track and monitor current and trending practices in software engineering, DevOps and application security
  • Assist with the development and operational aspects related to purple teaming and breach / attack simulation, advanced our capabilities to both detect and prevention known attacks while mapping those activities to the MITRE ATT&CK Framework
  • Obtain and evolve technical expertise, certifications, and industry credentials through formal and informal training and other educational initiatives

Education, Certifications and nice to have:
  • Must have 3+ years of experience in application/network/web/mobile penetration testing and tooling, purple team, or application security engineering and architecture, preferably in a large and distributed operating environment
  • Demonstrated expertise in Application Security, specifically web and mobile application security, configurations, vulnerability assessments
  • Proficient knowledge of web development, including but not limited to Ruby, advanced JavaScript libraries (React, Angular, Knockout), Node.JS, JQuery, Object-Oriented Design, Web Services (REST/SOAP)
  • Professional experience with any of the following: Java, .NET, AWS, Functional programming, SQL, MongoDB, CouchDB, Neo4J, Hadoop, Cassandra, DynamoDB, ElasticSearch, Solr
  • Expert knowledge of OWASP Top 10 and ability to articulate web security risks
  • Knowledge of automated DAST, SAST, and RASP tooling is preferred, including but not limited to OWASP Zed Attack Proxy, BURP Suite, Nessus, Metasploit, Postman, HP WebInspect, Qualys, or WhiteHat
  • Operational understanding of TCP/IP and computer networking. Knowledge of the functions of security technologies such as IPS/IDS, Firewalls, Security Information and Event Management tools, etc is a plus
  • Possession of industry standard certifications such as OSCP, CEH, GWAPT, GPEN and/or other relevant penetration testing related certifications is a plus
  • Knowledge of SDLC, Agile, Waterfall, or Scrum
  • Information Security, Security Testing and/or Risk Analysis Experience
  • A broad understanding of the terminology, core principles, IT controls and best practices across key risk domains, including: risk assessment methodology, identity and access management, network and infrastructure security, application security, data loss prevention, and incident management
  • Self-motivated team player with the ability to handle multiple work streams and support various team member collaborative projects to completion
  • Proven excellent relationship management skills with all levels of the enterprise are required.
  • Ability to effectively collaborate across teams

CSAA Insurance Group offers many benefits, including:
  • Comprehensive health care plans, including medical, dental, vision, and tax-deferred spending accounts.
  • Employee assistance, healthy pregnancy and wellness programs.
  • Paid time off, plus nine paid holidays and 24 hours of volunteer time off.
  • 401(k) plus company matching up to 6% and a cash balance pension program.
  • Paid training, tuition reimbursement, self-service training and career development opportunities.

Be part of a community that works:
  • At CSAA Insurance Group, we take pride in our values-based culture. Helping our employees have enriched lives and satisfying careers is how we work. Our employees appreciate the integrity and inclusion that is evident throughout our everyday interactions. We respect the diverse range of perspectives, backgrounds and cultures of our teams, and join together when it comes to helping our members, community or one another.
  • Headquartered in Walnut Creek, California, our community also works in Arizona, Colorado, Nevada, New Jersey and Oklahoma. Learn more about us at
  • Please submit your application to be considered. We communicate via email, so check your inbox to ensure you don?t miss important updates from us.
  • We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.



CSAA Insurance Group is one of the top 20 personal property and casualty insurance groups in the United States, offering protection to nearly 17 million AAA members.

CSAA Insurance Group Company Image

Back to top