What are the responsibilities and job description for the Application Security Manager position at SILAC Insurance Company?
Headquartered in Salt Lake City, Utah, SILAC Insurance Company is one of the fastest-growing insurance companies in the nation and continues to be a top contender in the industry. SILAC offers industry-leading annuity products that help individuals prepare for retirement. Teams can align around a shared vision of providing clean, simple & competitive products for clients, delivering best-in-class service to agents & business partners, and propelling the success of our employees.
With a fast-growing team of more than 300 employees, we are committed to remaining adaptable, innovative, and trustworthy for our clients, agents, and employees.
We hold true to our core values: Adaptability & Continuous Improvement, Transparency & Trust, Honesty & Integrity, Teamwork & Collaboration, and Gratitude & Compassion. At SILAC Insurance Company, we welcome and encourage diversity and are dedicated to creating an environment and culture that is respectful and inclusive for everyone.
Since 2016, we have received numerous regional and national awards for our products, business, and workplace culture. To name a few: Regional Top Workplace Award for 2016, 2017, 2020, 2021 & 2022. National Top Workplace Award for 2022 & 2023. Top Workplace in Compensation & Benefits, Leadership, & Finance Industry. WINK 2019 Trailblazer Award. S&P Global Market Intelligence 2020 - 3rd Fastest Growing Life Insurance Company.
Full Time or Part Time: Full Time
Standard Hours Per Week: Monday - Friday, 40 hours/week
Work Schedule: Core hours start by 8:00 AM local time
Schedule Type: Remote, Occasionally in the office
SILAC Insurance Company provides an extensive variety of benefits that includes: Medical, Dental, Vision, Health/Flexible Savings Account, 401(k) & ROTH, Pet Insurance, Parental Leave, Paid Time off, 10 Paid Holidays, Birthday Pay, Paid Volunteer Time, Employee Assistance Program, and Tuition Reimbursement. Please inquire for more information about other benefits and perk offerings.
Responsibilities:
Security Team Manager - Lead a team of Information Security Application Engineers tasked with advancing SILAC's Secure SDLC program. Build and foster the team's abilities to collaborate and achieve security outcomes. Manage the team's project and operational activities in coordination with the Solutions Engineering team. Advocate and advance the goals of the application security program. Lead application security reviews, and deliver reports that enable understanding and remediation of security concerns.
Secure SDLC - Collaborate with Software Engineering and other technical teams to understand custom applications, development processes, and support systems in order to build secure-by-design services. Assess and prioritize secure SDLC framework activities, assist in advancing engineer security awareness, perform secure code reviews, and build security into delivery and maintenance processes. Work closely with the architecture team to define security requirements for systems.
Security Operations - Maintain organizational threat & vulnerability management awareness, systems, processes, and procedures. Understand the evolving threat landscape, assess company asset exposure, and carry out daily activities that support security goals. Collaborate with IT teams to complete remediation efforts. Participate in incident response activities.
Documentation - Review, assess, and update security documentation, including policies, standards, baselines, and procedures. Maintain and update reporting processes that communicate key security KPIs to stakeholders. Create and track metrics that reflect secure SDLC activity performance.
Security Culture - Act as a champion for the company's security-aware culture. Establish and foster cross-team relationships, and promote informed, educated security decision-making across the organization. Strive toward a culture of continuous improvement by advancing personal and team skills and capabilities.
Job Requirements
Required
- Five years of software development, engineering, or architecture work experience
- Experience managing a professionally skilled team, including organizing work, evaluating performance, conducting reviews, and fostering employee development
- Substantive security-focused, professional work experience
- Deep understanding of web application architecture design, software development, and related security concepts and concerns, including secure coding patterns, OWASP, data flows, authentication, access control, and data protection
- At least one domain-related security certification, such as CISSP or CSSLP
- Exceptional communication and collaboration skills
- Ability to shape and support secure practices that are accomplished by others
- Experience with threat modeling methodologies, ideally STRIDE
- Ability to integrate security principles and techniques, such as IAM, defense in depth, least privileged access, and vulnerability management into development and delivery processes
- Proficiency in several coding languages, ideally C#, Python, React, Angular
- Ability to quickly learn and apply security concepts to new languages
- Experience with relational database design and SQL query language
- Solid organizational skills and the ability to prioritize tasks
- Ability to prosper in a fast-paced, constantly changing environment
- High level of integrity, trustworthiness, and ethics
Desired
- At least one security-focused certification related to skill set and experience
- Experience implementing governance models, such as NIST CSF or ISO 27001
- Experience with Agile project management techniques
- Financial industry experience
- Experience with regulated environments such as PCI, HIPAA, GLBA, SOX, FFIEC
A Day in the Life of an Application Security Manager
- Lead the application security effort and team
- Guide team members' daily project and operational activities
- Interact with the Engineering team to advocate secure SDLC activities
- Manage and mature the application security program through direct interactions
- Work with architects and engineers to review and design security requirements
- Interact with sprint teams on security-related issues, such as secure code reviews, threat modeling, coding patterns, and security awareness
- Determine and report on secure SDLC metrics
- Participate in security operations activities, with an emphasis on source code and runtimes
- Review patch and vulnerability notifications as issued
- Vulnerability discovery, validation, and remediation tracking
- Collaborate with IT teams to design remediations and shepherd through to completion
- Monitor for and review indicators of compromise from various systems
- Contribute to the design, planning, and implementation of security-related projects
- Write, review, and update security documentation, respond to audit requests
At SILAC Insurance Company, our core values are not just a requirement, they are a standard by which we live. These values are incorporated every day, whether we are discussing ideas for new projects and procedures, finding a resolution for a customer's problem, or recruiting new talent. It is just one of the many things that make SILAC Insurance Company a Top Workplace.
We celebrate a diverse and inclusive work environment, where we honor and support varying backgrounds, beliefs, and perspectives for the benefit of our business, including our employees and products. We are proud to be an equal opportunity workplace and strive to be a place where every employee feels they belong. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, or Veteran status. If you have a disability or special need that requires accommodation, please let us know.