Software Engineer II - Application Security

Vertafore is looking for talented people to join our team in Michigan. Our dynamic environment provides professional development, fast upward mobility, and exposure to the latest and greatest in technology. Vertafore is a leading technology company whose innovative software solution are advancing the insurance industry. Our suite of products provides solutions to our customers that help them better manage their business, boost their productivity and efficiencies, and lower costs while strengthening relationships.  Our mission is to move InsurTech forward by putting people at the heart of the industry. We are leading the way with product innovation, technology partnerships, and focusing on customer success.  Our fast-paced and collaborative environment inspires us to create, think, and challenge each other in ways that make our solutions and our teams better. 

We are headquartered in Denver, Colorado, with offices across the U.S., including East Lansing, Michigan – we are minutes from Michigan State University, Lansing Community College, and Cooley Law School!

As a Software Engineer II – Application Security, you will be a member of an energetic agile team dedicated to application security. You and your team will collaborate with teams throughout the organization to ensure our product solutions are secure. You will be a security champion and share your knowledge of security best practices with your colleagues to foster a culture of secure coding. You will assist application teams in the remediation or mitigation of security vulnerabilities, both in our applications as well as in third-party dependencies.

If you love technology, have a passion for application security, are hungry to learn, and are driven to contribute to a world-class team of engineers, you’re who we are looking for. 

Core Requirements and Responsibilities:  
• Ensures our applications meet internal security standards and SSDLC (Secure Software Development Lifecycle) best practices.
• Develops new features and maintains existing features of our internal security tooling.
• Participates in threat modeling exercises with application development teams.
• Monitors results of dynamic, static, and dependency vulnerability scans.
• Research security findings to assist in determination of validity.
• Supports application development teams in the remediation of vulnerabilities.
• Provides technical training on secure coding and ongoing guidance to application developers.
• Conducts technical research on vulnerable third-party libraries and provides recommendations for resolution.
• Monitors evolving security threats, escalating when necessary.
• Stay current on application security trends and practices.
• Promotes a culture of secure coding best practices.
• Creates artifacts/documents that are valuable to the team.
• Writes well-designed, testable code.
• Participates in code reviews, both of your own code and as a reviewer.
• Mentors and inspires others to raise the bar for everyone around them.

Knowledge, Skills and Abilities:  
• Has a solid understanding of the OWASP Top 10.
• Adheres to security standards and internal security SLAs. 
• Cares about and knows what it means to ship secure code; able to define and adhere to secure coding standards. 
• Able to investigate security issues and provide solutions for remediation or mitigation.
• Proficient with relevant security tools and technologies used to identify and resolve application security issues. 
• Can independently frame problems and perform relevant research.
• Collaborates with peers to design pragmatic solutions.
• Operates best in a fast-paced, flexible work environment. 
• Effective communication (written and verbal) and interpersonal skills. 
• Problem solver with strong analytical and critical thinking skills. 
• An innate curiosity about how things work; proactively acquires new skills and learns new tools and technologies to troubleshoot issues. 
• A team player and excellent collaborator. 
• Interested and capable of learning other programming languages as needed.  

Qualifications:  
• Bachelor’s degree in Computer Science (or related technical field) or equivalent practical experience.
• 2-3 years of professional experience with Java or .NET and common frameworks.
• Experience in or a strong desire to pursue an application security role.
• Experience with JavaScript and Angular, React.js, or similar. 
• Experience working in an Agile environment required.
• Knowledge of secure coding best practices.

Additional Requirements and Details:  
• Travel required up to 5% of the time. 
• Located and working from an office location. 
• Occasional lifting and/or moving up to 10 pounds.  
• Frequent repetitive hand and arm movements required to operate a computer.  
• Specific vision abilities required by this job include close vision (working on a computer, etc.). 
• Frequent sitting and/or standing. 
• #LI-Hybrid
• 70,000 – 85,000 / year