Hartford, CT, USA
30 days ago
Sr Application Security Engineer
Who Are We?

Taking care of our customers, our communities and each other. That’s the Travelers Promise. By honoring this commitment, we have maintained our reputation as one of the best property casualty insurers in the industry for over 160 years. Join us to discover a culture that is rooted in innovation and thrives on collaboration. Imagine loving what you do and where you do it.

Job CategoryTechnology

Compensation Overview

The annual base salary range provided for this position is a nationwide market range and represents a broad range of salaries for this role across the country. The actual salary for this position will be determined by a number of factors, including the scope, complexity and location of the role; the skills, education, training, credentials and experience of the candidate; and other conditions of employment. As part of our comprehensive compensation and benefits program, employees are also eligible for performance-based cash incentive awards.

Salary Range$130,200.00 - $214,800.00

Target Openings1

What Is the Opportunity?Travelers is seeking a Senior Application Security Engineer to join our organization as we grow and transform our Technology landscape. Individual will complete advanced end to end security engineering tasks that span many parts of a system, security research, application security testing, interpretation of vulnerability scan results, threat modeling code reviews and will provide defensive coding techniques consulting. Individual will also consult with engineering and architecture teams to determine new security patterns, system non-functional specifications, manage the effective use of resources, act as subject matter expert across multiple applications, systems and technologies, leverage technical and business knowledge to drive the planning and execution of complex initiatives, participate in the design/ development process, and provide technical leadership. Works with a single Value Stream and partners with Enterprise Security Engineering and Cybersecurity on pattern adoption. Individual may manage others.What Will You Do?

Support and own the development of an API Security strategy for secure development of GraphQL, REST, gRPC, and SOAP bases services.Support the validation of our API Security requirements through an API Security testing framework.Evangelize API secure design principles to our engineering community.Support Secure SDLC by building partnerships with our engineering community.Perform complex security engineering analysis, advanced level design, configuration and develops functions for impactful and high-visibility tasks.Take the lead on directing and implementing solutions to moderately complex, loosely scoped problems that are aligned with team goals.Deliver efforts both independently and by leading other team members.Act as a technology advocate, independently seeking opportunities where technology can be utilized to improve the business.Provide technical guidance and mentorship while fostering a team environment.Apply knowledge of current industry trends and techniques to formulate solutions within the context of assigned efforts.Seek opportunities to expand technical knowledge and capabilities.Perform other duties as assignedWhat Will Our Ideal Candidate Have?Bachelor's degree in Computer Science or a related field.Five years of application security and/or API development experience.Direct hand on experience developing and securing APIs.Strong experience with development in AWSStrong experience and understanding of API identity and access management controls (e.g. OAuth 2.0, OIDC, JWT)Strong experience with service-oriented architectures, web services security, and secure SDLC practices.Strong experience with integrating and managing tools involving SAST, SCA, and Secrets scanning capabilities.Moderate knowledge of build (CI/CD) pipeline technologies such as GitHub Actions, Jenkins, and/or GitLab CI/CD.Delivery - Advanced delivery skills including the ability to determines the software design strategy and methodology to be used for efforts, use automated tests, analysis, and informed feedback loops to ensure the quality and production readiness of work before release, monitor the health of work efforts and that of adjacent systems.Domain Expertise - Demonstrated track record of domain expertise including the ability to develop business partnerships and influence priorities by identifying solutions that are aligned with current business objective and closely follow industry trends relevant to domain, understanding how to apply them, and sharing knowledge with coworkers.Problem Solving - Strong problem solver who utilizes data and proofs of concepts to find creative solutions to difficult problems, reflects on solutions, measuring their impact, and uses that information to ideate and optimize as well as is adept at making decisions that involve a significant number of factors with broad implications.Communication - Strong communicator who possesses the ability to describe technology concepts in ways the business can understand, document initiatives in a concise and clear manner, collaborate effectively with teammates and others regardless of role, quickly extract core issues from discussions and meetings, give and receive constructive feedback, offer help when asked, and ensure everyone has a chance to share their thoughts and are heard; an attentive and empathetic listener.Leadership - Advanced leadership skills with the ability to take action even when there is no clear owner, inspire and motivate others, and be effective at influencing team members.

What is a Must Have?Three years of system security experience.

What Is in It for You?Health Insurance: Employees and their eligible family members – including spouses, domestic partners, and children – are eligible for coverage from the first day of employment.Retirement: Travelers matches your 401(k) contributions dollar-for-dollar up to your first 5% of eligible pay, subject to an annual maximum. If you have student loan debt, you can enroll in the Paying it Forward Savings Program. When you make a payment toward your student loan, Travelers will make an annual contribution into your 401(k) account. You are also eligible for a Pension Plan that is 100% funded by Travelers.Paid Time Off: Start your career at Travelers with a minimum of 20 days Paid Time Off annually, plus nine paid company Holidays.Wellness Program: The Travelers wellness program is comprised of tools, discounts and resources that empower you to achieve your wellness goals and caregiving needs. In addition, our mental health program provides access to free professional counseling services, health coaching and other resources to support your daily life needs.Volunteer Encouragement: We have a deep commitment to the communities we serve and encourage our employees to get involved. Travelers has a Matching Gift and Volunteer Rewards program that enables you to give back to the charity of your choice.

Employment Practices

Travelers is an equal opportunity employer. We believe that we can deliver the very best products and services when our workforce reflects the diverse customers and communities we serve. We are committed to recruiting, retaining and developing the diverse talent of all of our employees and fostering an inclusive workplace, where we celebrate differences, promote belonging, and work together to deliver extraordinary results. 

In accordance with local law, candidates seeking employment in Colorado are not required to disclose dates of attendance at or graduation from educational institutions.


If you are a candidate and have specific questions regarding the physical requirements of this role, please send us an email so we may assist you.


Travelers reserves the right to fill this position at a level above or below the level included in this posting.

To learn more about our comprehensive benefit programs please visit http://careers.travelers.com/life-at-travelers/benefits/.

Confirm your E-mail: Send Email