Application Security Engineer
United States
Job Description
About Quanata: Quanata is a premier, internationally recognized insurance technology innovation leader, cybersecurity trailblazer, and digital product pioneer on an absolute mission to help ensure a better world through sophisticated, context-based risk prediction and prevention software solutions. Blending elite Silicon Valley software talent and cutting-edge technical thinking with the stable, long-term funding and strategic backing of leading enterprise insurer State Farm, Quanata operates as a wholly owned high-growth subsidiary. Our distributed agile engineering groups build, manage, and scale a full-stack, flexible, and increasingly AI-native insurance software platform that empowers our primary clients, State Farm and HiRoad Assurance Company, to adapt seamlessly to changing consumer market demands. Prioritizing an inclusive, high-craft, and intensely positive workplace culture, Quanata thrives on giving its engineering teams the freedom to make a quantifiable structural impact on real-world systems. The company provides high-agency security engineers with an uncompromised remote canvas to leverage state-of-the-art secure development lifecycles, manipulate advanced automated vulnerability scanners, and govern cloud infrastructure safety models safely across the United States.
Position Overview
We are seeking a highly analytical, systems-minded Application Security Engineer to join our core centralized Security collective in a full-time remote capacity across the United States. In this high-leverage, tech-centric defensive seat, you will take true individual operational and strategic accountability for building secure-by-default products and services across our entire AI-native insurance technology platform. Shifting completely away from routine standalone firewall provisioning, monotone audit questionnaire checking, or passive baseline network monitoring, you will operate as a principal application defense architect, partnering directly with Product and Software Engineering pods to shift security left into early application design phases. This position requires an enterprise tech or SaaS application security veteran with 4 to 6+ years of software engineering depth who writes automated security guardrails fluently, audits web codebases for logic flaws using QA-style inspection playbooks, and commands advanced threat modeling methodologies confidently under shifting production deadlines.
Key Responsibilities
- SDLC Security Automation and Architecture: Design, develop, and implement automated security testing guardrails, static/dynamic code analysis workflows (SAST/DAST), and dependency validation gates across our continuous deployment tracks, aligned with established cybersecurity guidelines.
- Advanced Platform Threat Modeling: Lead comprehensive threat modeling exercises across complex, distributed software systems, leveraging methodologies like STRIDE or PASTA to isolate architectural vulnerabilities early in product discovery cycles.
- Meticulous Secure Code Auditing: Review pull requests, conduct deep semantic secure code reviews, and perform thorough application security assessments using QA-style review frameworks to eliminate potential application injection patterns, logical auth bypasses, or data leakage bugs.
- Vulnerability Management and Triage: Investigate, categorize, prioritize, and drive the systematic remediation of application security vulnerabilities, coordinating remediation tracks alongside software development cells.
- Secure Coding Advocacy and Coaching: Foster a secure development culture across the technical group, driving interactive secure coding training, engineering workshops, and proactive technical threat awareness initiatives.
- Compliance and Privacy Risk Management: Partner in lockstep with distributed Data Privacy, Security Operations, and Corporate Business Assurance teams to ensure platform compliance with strict insurance industry data rules and risk management objectives.
- Security Documentation and Standards Curation: Formulate, document, and maintain highly clear, scalable application security standards, procedural manuals, and secure-by-design baseline playbooks implemented across all engineering cells.
- AI Ecosystem and LLM Security Hardening: Research, model, and deploy specific defensive guardrails tailored to AI models, tracking emerging vector spaces including Large Language Model (LLM) top risks, injection strains, and prompt engineering leaks.
Required Skills & Qualifications
- A minimum of 4 to 6 years of verified professional history running advanced software engineering, application security consulting, penetration testing, distributed cloud security programming, or technical systems auditing.
- Mandatory Field Focus Depth: A minimum of 2 years of documented experience explicitly focused on application security engineering tracks, showing a history of partnering directly with software development teams to eliminate application layer risks.
- Deep, authoritative technical command of modern secure-by-design software development principles, containerization risks, cloud application patterns, and cryptography basics.
- Expert-level ability to write security scanning scripts and macros, deploy automated pipelines, and configure code analysis tools.
- Practical operational familiarity with software test registries, vulnerability tracking matrices, and automated regression testing following QA engineering protocols.
- Comprehensive familiarity with standard application security frameworks, requiring deep functional command of OWASP Top 10, ASVS, and MASVS guidelines.
- Hands-on programming proficiency in at least one modern programming language (such as Python, Java, Go, or JavaScript) alongside deep familiarity with its specific security ecosystem, library flaws, and package management constraints.
- Outstanding written, verbal, and interpersonal communication attributes in fluent English, enabling total confidence when explaining abstract technical risks or influencing cross-functional engineering leads.
- Location Context: Position open exclusively to qualified application security engineers based permanently and resident within the United States to operate under a remote-first layout (excluding U.S. territories), with core mandatory collaboration meeting hours running from 9:00 AM to 2:00 PM Pacific Time daily.
Preferred Strategic Indicators (Nice to Have)
- Possession of a recognized, industry-vetted technical security credential, such as a CSSLP, GWEB, OSWE, or closely related penetration testing certification.
- Prior commercial security engineering background operating explicitly within highly regulated environments, such as insurtech ecosystems, financial services SaaS platforms, fintech gateways, or healthcare records architectures.
- Advanced hands-on experience executing dynamic mobile application security testing (iOS/Android tracking) or running live web penetration testing events.
- Active, documented involvement in the global cybersecurity community through open-source contributions, developer mentoring, security publications, or conference presentations.
What We Offer
- Enterprise-Backed Silicon Valley Salaried Blueprint: A highly attractive full-time base salary package structured transparently between $175,000 and $215,000 USD per year, calibrated precisely to your application security authority and automation craft depth.
- The exceptional professional canvas to claim absolute technical ownership over the application security systems protecting a hyper-growth AI-native InsurTech platform fully backed by State Farm.
- Work-from-home remote parameters offering a remote-first layout across America, complete scheduling trust outside core meeting frames, and zero physical commuting friction (with voluntary physical office access available for candidates resident near San Francisco, CA or Providence, RI).
- An exceptional **$2,000 USD One-Time Payment Workspace Stipend** provided immediately upon hire to fully furnish your remote office layout, paired with a brand-new, fully provisioned corporate MacBook Pro delivered straight to your home.
- Immediate baseline access to premium comprehensive corporate healthcare and family balance benefits, including robust medical, dental, and vision packages for you and your dependents, supplemental income tracks, and a company matching 401(k) plan.
- Access to elite mental health and wellness provisions, featuring a premium subscription to the Headspace application and a recurring monthly monetary wellness allowance.
- Generous time-off benefits, including an accrual of 4 weeks of paid vacation (PTO) in your very first year of employment, alongside 12 weeks of fully paid parental leave available to both birthing and non-birthing parents alike.
- Unmatched career and personal development upskilling systems, offering up to **$5,000 USD cash every single year** to finance external professional learning courses or continuing education, a full subscription to LinkedIn Learning, and advanced professional coaching tracks managed through BetterUp.