Risk Management Solutions Application Security Engineer in Chicago, Illinois

Application Security Engineer

Chicago, Illinois



RMS is the world's leader in providing analytics and decision science solutions for the quantification and management of catastrophic risks throughout the world. The software, models, and services of RMS are used by hundreds of insurance and reinsurance companies, hedge funds, corporations, and governments to assess a wide range of natural and man-made perils such as earthquake, flood, hurricane, windstorm, terrorism and pandemic disease.

Key Responsibilities:

The Application Security Engineer will be responsible for:

  • Ensuring web applications, APIs and cloud services are planned, designed, developed, implemented, and monitored in accordance with security controls related to SOC 2, ISO 27001 and the RMS Information Security Policy

  • Designing and automating assessments through penetration testing and ethical hacking, then analyzing security risks and recommending mitigating and compensating security controls.

  • Working closely with engineering and QA to ensure security principles are enforced in all stages of the software development lifecycle

  • Participating in source code reviews and providing assessments of changes to application design and architecture prior to release to production

  • Working closely with cross-functional teams to embed security, logging, and auditing in, and to support, all applications hosted within the corporate and cloud environments

  • Performing assessments of security tools, vendors, and solutions to support information security roadmap initiatives

  • Helping develop and deliver training on the secure development lifecycle and secure coding practices

  • Performing internal penetration testing, working closely with the quality engineering team to assess and prioritize discovered security issues and vulnerabilities

  • Maintaining and supporting application security tools, including static and dynamic security analysis solutions, and developing related documentation


  • Minimum 2-3+ years of experience in Information Security with an emphasis on application security

  • At least one security certification is highly desired. OSCP or CEH strongly preferred.

  • Experience with the development, deployment, and automation of application security solutions in an enterprise cloud-based environment

  • Experience in DevOps environments and maintaining security in CI/CD processes highly desired

  • Understanding of Microsoft Azure architecture and services

  • Understanding of OWASP Top 10 and CWE/SANS Top 25

  • Demonstrated proficiency in ethical hacking and white-hat penetration testing techniques

  • Knowledge of technical security control environments and compliance frameworks, including CSA CCM, ISO 27001 and SOC 2, a plus

  • Proven ability to manage priorities and deadlines and to work independently in a highly dynamic and diverse environment with multiple concurrent projects

  • Experience in creating detailed solution design documents & diagrams

  • Demonstrated experience in investigating security issues related to web application exploits, credential stealing, and authentication-based exploits

  • Demonstrated ability to facilitate automation and integration through scripting in PowerShell, Python, Perl, etc., highly preferred

  • Demonstrated proficiency in JavaScript, HTML, PHP or Python. Programming experience in Java, C++ or C highly preferred.

  • Familiar with threat models for large, distributed systems and cloud-based SaaS infrastructure