Application Security Engineer [Remote-US]

We're looking for an Application Security Engineer to help build secure-by-default products and services across Quanata's AI-native insurance technology platform. In this role, you'll partner closely with Product, Engineering, and Security teams to identify risks early, strengthen secure development practices, and ensure our applications are resilient, scalable, and compliant.

You'll play a key role in embedding security throughout the software development lifecycle while helping teams move quickly and safely.

• Partner with Product and Engineering teams to integrate security into application design and development
• Lead threat modeling exercises and identify practical security solutions for complex systems
• Conduct secure code reviews, application security assessments, and vulnerability analysis
• Develop and implement automated security guardrails across the SDLC
• Investigate, prioritize, and drive remediation of application security findings
• Promote secure coding practices through training, coaching, and awareness initiatives
• Collaborate with Security, Privacy, and Business Assurance teams to support compliance and risk management objectives
• Create and maintain security standards, procedures, and best practices that scale across teams

• Associate's degree or equivalent experience required; Bachelor's degree preferred
• 4–6+ years of experience in software engineering, including at least 2 years focused on application security
• Experience partnering directly with software development teams to improve application security
• Knowledge of secure-by-design principles and modern application security practices
• Familiarity with OWASP Top 10, ASVS, MASVS, and common application security frameworks
• Experience with threat modeling methodologies such as STRIDE, PASTA, or similar approaches
• Working knowledge of cloud platforms and modern application architectures
• Proficiency in at least one programming language and its security ecosystem
• Strong communication skills and the ability to influence technical and non-technical stakeholders
• Comfortable operating in a fast-paced environment with shifting priorities

• Security certifications such as CSSLP, GWEB, OSWE, or similar
• Experience working in insurance, financial services, healthcare, or other regulated industries
• Advanced knowledge of cloud security and application security architecture
• Experience with mobile application security, QA testing, or penetration testing
• Familiarity with AI technologies, LLM security, or prompt engineering
• Experience building scripts or automations to streamline security processes
• Active involvement in the security community through conferences, mentoring, presentations, publications, or open-source contributions