Lead Application Security Engineer

About Acrisure

A global fintech leader, Acrisure empowers millions of ambitious businesses and individuals with the right solutions to grow boldly forward. Bringing cutting-edge technology and top-tier human support together, we connect clients with customized solutions across a range of insurance, reinsurance, payroll, benefits, cybersecurity, mortgage services – and more.

In the last eleven years, Acrisure has grown in revenue from $38 million to almost $5 billion and employs over 19,000 colleagues in more than 20 countries. Our culture is defined by our entrepreneurial spirit and all that comes with it: innovation, client centricity and an indomitable will to win.

Job Summary:

As the Lead Application Security Engineer, you will have the unique opportunity to own and grow the organization’s application security program within a large and highly regulated financial services environment. In this role, you won’t just monitor tools—you’ll set the vision, drive the strategy, and lead cross-functional efforts to embed security across the software development lifecycle. Partnering closely with developers, product teams, and security operations, you will build and scale security capabilities, integrate cutting-edge tooling, and champion a culture of secure coding practices.

Responsibilities:

• Application Security Program Leadership
• Lead the organization’s Application Security (AppSec) program with a focus on continuous improvement and measurable outcomes.
• Define and enforce AppSec strategy, roadmap, and KPIs in alignment with enterprise security goals.
• Partnership with Development Teams
• Collaborate with software engineering teams to integrate security controls, best practices, and policies throughout the SDLC.
• Promote a "security by design" culture by coaching and mentoring developers on secure coding practices.
• Support threat modeling, secure code reviews, and security architecture discussions.
• Security Tooling and Integration
• Implement, configure, and maintain application security tooling (SAST, DAST, SCA, IaC scanning, container security).
• Integrate security checks into CI/CD pipelines using GitHub and other platforms.
• Evaluate emerging technologies and recommend tools that enhance automation and scalability.
• Monitoring, Incident Response, and Metrics
• Partner with SOC analysts to investigate application-layer alerts, incidents, and vulnerabilities.
• Track and report key security metrics, including vulnerability remediation timelines, pipeline coverage, and compliance with policies.
• Provide executive reporting and actionable insights on AppSec maturity and risk reduction progress.
  

Requirements

• Technical Expertise
• Strong knowledge of application security concepts, secure coding practices, and common vulnerabilities (e.g., OWASP Top 10).
• Hands-on experience with security testing tools such as SAST, DAST, SCA, fuzzing, and API testing platforms.
• Proficiency with GitHub or similar development platforms and integration of security into CI/CD pipelines.
• Ability to evaluate and implement automation strategies for AppSec processes.
• Collaboration and Communication
• Comfortable working directly with developers, architects, product owners, and other stakeholders.
• Experience presenting complex security findings to both technical and non-technical audiences.
• Strong leadership and mentoring abilities to encourage adoption of secure development practices.
• Security Operations Knowledge
• Familiarity with SOC operations, incident response workflows, and integrating AppSec into broader enterprise security practices.
• Understanding of vulnerability management and risk prioritization processes in large organizations.
  

Education and Experience:

• 5 years of professional experience in information security with a focus on application security.
• Previous experience as a developer or working closely with software development teams is strongly preferred.
• Certifications such as GWAPT, GWEB, CSSLP, OSWE, or other relevant industry credentials are a plus.
• Proven experience leading security initiatives at scale in enterprise environments, ideally within financial services or other highly regulated industries.
  
  

Candidates should be comfortable with an on-site presence to support collaboration, team leadership, and cross-functional partnership.

Why Join Us:

At Acrisure, we’re building more than a business, we’re building a community where people can grow, thrive, and make an impact. Our benefits are designed to support every dimension of your life, from your health and finances to your family and future.

Making a lasting impact on the communities it serves, Acrisure has pledged more than $22 million through its partnerships with Corewell Health Helen DeVos Children's Hospital in Grand Rapids, Michigan, UPMC Children's Hospital in Pittsburgh, Pennsylvania and Blythedale Children's Hospital in Valhalla, New York.

Employee Benefits

We also offer our employees a comprehensive suite of benefits and perks, including:

• Physical Wellness: Comprehensive medical insurance, dental insurance, and vision insurance; life and disability insurance; fertility benefits; wellness resources; and paid sick time.
• Mental Wellness: Generous paid time off and holidays; Employee Assistance Program (EAP); and a complimentary Calm app subscription.
• Financial Wellness: Immediate vesting in a 401(k) plan; Health Savings Account (HSA) and Flexible Spending Account (FSA) options; commuter benefits; and employee discount programs.
• Family Care: Paid maternity leave and paid paternity leave (including for adoptive parents); legal plan options; and pet insurance coverage.
• … and so much more!
  
  

This list is not exhaustive of all available benefits. Eligibility and waiting periods may apply to certain offerings. Benefits may vary based on subsidiary entity and geographic location.

Acrisure is an Equal Opportunity Employer. We consider qualified applicants without regard to race, color, religion, sex, national origin, disability, or protected veteran status. Applicants may request reasonable accommodation by contacting leaves@acrisure.com.

California Residents: Learn more about our privacy practices for applicants by visiting the Acrisure California Applicant Privacy Policy.

Recruitment Fraud: Please visit here to learn more about our Recruitment Fraud Notice.

Welcome, your new opportunity awaits you.