The Hartford Senior Application Security Engineer in WINDSOR, Connecticut

Title: Senior Application Security Engineer

Location: United States-Connecticut-Windsor

Job Number: 1701465


As a member of The Hartford's Application Security engineering team, the candidate will work within a multi-disciplined team to provide expertise on application security design and architecture, provide solutions for RESTful and SOAP based service security, and design API security patterns that help the application development community apply security best practices. The candidate will help further develop and refine The Hartford's application security program within The Hartford's SDLC as that process matures.

  • Responsible for providing engineering and architecture direction for application security designs that solve business problems.
  • Responsible for working with application teams on security solution design and implementation.
  • Responsible for assessing security solutions' proof of value and conducting proofs of concept.
  • Responsible for providing security solutions for web applications, web services and API management.
  • Responsible for applying and ensuring that all enterprise and industry standards and best practices are followed in application security design and remediation.
  • Responsible for educating other team members on application security standards and best practices.
  • Responsible for participating in enterprise technology and functional planning processes to develop standards and best practices.
  • Responsible for developing application security engineering and architecture roadmaps and blueprints for security domains.



  • Experience designing web application and web service security solutions.
  • At least 5 years of experience in web service (SOAP and RESTful) security.
  • Expertise in various authentication and authorization patterns using enterprise tools and technologies.
  • 4-6 years of experience with IBM DataPower or a similar solution.
  • At least 2 years of experience with SAML 2.0, OAuth, and OpenID Connect based patterns.
  • Familiarity with the OWASP framework and application security best practices. Understanding of software security architecture and design, the SDLC, and the ability to clearly articulate best practices for application security.
  • A diverse skill base in both Information Systems and Information Security.
  • The ability to work closely with Business and development and a thorough understanding of the balance between Business and Security requirements.
  • Passion to work on newer technologies and explore the security domain.
  • Strong written and verbal communication skills. Specific relevant experience should include writing and presenting application security assessment reports. Candidate should have experience making and defending sound technical arguments that incorporate relevant technical and business considerations, and building consensus among stakeholders.

Nice to have:

  • Knowledge of encryption and key management solutions.

Job: Engineering