
Application Security Analyst

Remote: Full Remote
Salary: 70 - 90K yearly
Experience: Senior (5-10 years)

biBerk Business Insurance SME https://www.biberk.com/
51 - 200 Employees

Job description

biBerk is building a cloud-first, API-driven, dynamic insurance platform that enables customers to purchase insurance policies directly online. As we expand our team, we are adding experienced security innovators to enhance our development efforts.

This role will focus primarily on application security, ensuring the confidentiality, integrity, and availability of our software applications. The ideal candidate will possess a strong understanding of application security principles, vulnerabilities, and remediation techniques.

The Application Security Analyst will be responsible for identifying and mitigating security vulnerabilities in our applications throughout the software development lifecycle (SDLC). This includes performing security assessments, collaborating with development teams, and contributing to the overall improvement of our application security posture. This role requires a proactive approach, a passion for security, and the ability to communicate technical concepts to both technical and non-technical audiences.

Job Responsibilities

  • Conduct security assessments of web applications, mobile applications, and APIs, including penetration testing, vulnerability scanning, and code reviews.
  • Identify and document security vulnerabilities, providing clear and actionable recommendations for remediation.
  • Collaborate with development teams to ensure that security best practices are integrated into the SDLC.
  • Participate in the development and implementation of application security policies, standards, and procedures.
  • Stay up-to-date on the latest application security threats, vulnerabilities, and attack techniques.
  • Research and evaluate new security tools and technologies.
  • Contribute to the development and delivery of security awareness training.
  • Monitor security alerts and logs, and respond to security incidents as needed.
  • Participate in security audits and compliance assessments.
  • Document and report on security findings and metrics.
  • Contribute to the continuous improvement of the application security program.


Required Qualifications

  • Bachelor's degree in Computer Science, Information Security, or a related field.
  • 5+ years of experience in application security testing and vulnerability management.
  • Ability to work independently and as part of a team.
  • Strong analytical and problem-solving skills.
  • Strong understanding of application security principles, including the OWASP Top 10 and SANS CWE Top 25.
  • Strong verbal and written communication skills, collaboration capabilities, and attention to detail.
  • Experience working on large software development projects while collaborating across multiple agile teams.
  • Ability to work from 8:00 AM to 4:30 PM local time; this is currently a full-time remote position.
  • Ability to respond to occasional after-hours requests.

Required Technology Experience

  • Experience with various security testing tools, such as Burp Suite, OWASP ZAP, Checkmarx, Fortify SCA, or similar.
  • Knowledge of common web application vulnerabilities, such as SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF).
  • Experience with at least one programming language (preferably JavaScript frameworks such as Angular, or .NET Core services) and the ability to perform code reviews for security vulnerabilities.
  • Familiarity with different software development methodologies (e.g., Agile, Waterfall).

Preferred Knowledge

  • Relevant security certifications, such as Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), or GIAC Web Application Security Analyst (GWAPT).
  • Experience with mobile application security testing.
  • Knowledge of cloud security best practices.
  • Experience with DevSecOps practices.
  • Experience with threat modeling.
  • Experience with security incident response.

About BHDIC

biBerk is where commercial insurance buyers can obtain coverage for their businesses from insurers of the Berkshire Hathaway group of Insurance Companies, one of the best capitalized insurance groups in the world. Our ultimate parent, Berkshire Hathaway Inc. (berkshirehathaway.com) is a holding company with diversified interests in a host of industries, including insurance, energy, transportation and manufacturing. Most policies issued through biBERK.com will be underwritten by Berkshire Hathaway Direct Insurance Company ("BHDIC"), which is an AM Best rated A++ insurer.

BHDIC is domiciled in Omaha, Nebraska. BHDIC and the team at biBerk are focused on helping small business owners quickly and easily buy affordable insurance directly from a financially strong insurance company they can trust.

Some highlights of our benefits are:

  • Great work environment with growth opportunity
  • Competitive compensation
  • Generous amounts of vacation and sick time
  • Closed on major holidays
  • 401(k) with company match
  • A fantastic healthcare package
  • Tuition reimbursement after 6 months of employment

In accordance with pay transparency laws and regulations, the following good faith compensation range estimate is being provided. The salary range for this position is $70,000 to $90,000 per year. Final compensation will be based on candidate qualifications, geographic location, and other considerations permitted by law.

Required profile

Experience

Level of experience: Senior (5-10 years)
Spoken language(s): English

Other Skills

  • Collaboration
  • Communication
  • Analytical Skills
  • Detail Oriented
  • Problem Solving
