
Job Details

The Hanover Insurance Group

Senior Application Security Engineer


Applications Security

5 years



Massachusetts, Massachusetts, United States

Our Information Security Engineering team is seeking a Senior Application Security Engineer to join the growing Hanover organization as a fully remote employee.


The Senior Application Security Engineer will be responsible for working with development and DevOps teams to deliver application security standards and solutions that help development and engineering teams evolve towards a DevSecOps model while driving adoption of secure software development practices across the enterprise.

A candidate with a background in software development and a strong understanding of software development lifecycle and DevSecOps is preferred but other relevant skill sets will be considered.

The ideal candidate is a good communicator, persuasive, analytical, understands risk and is knowledgeable in application development and application security.


Develop and update application security standards, secure coding principles, and threat modeling processes.
Provide application security support to development teams, including reviewing and explaining application security tools and processes and providing vulnerability explanations and remediation guidance.
Integrate application security testing and controls into different phases of teams’ development lifecycles.
Coordinate application security program metrics and reporting
Support ongoing management of application security vulnerabilities through a centralized vulnerability tracking system and defect tracking system
Assist with training and mentoring of security champions
Partner with third party vendors to deliver software security tools and services
Provide expert consultation on application security requirements and best practices in relation to vulnerability scanning and secure application design
Partner closely on security operations tasks with cross-functional teammates in IT, DevOps, Engineering, and Test.
Engage with product owners, project managers and developers to conduct security reviews, identify risks and conform to organizational remediation/mitigation timelines.


A Bachelor's degree in Computer Science or a technology/information security-related field.
5+ years of combined hands-on experience in software development and/or application engineering
Experience working with various development technologies including programming languages/frameworks supporting both backend and frontend development, source control management systems, and CI/CD tooling
Experience with Application Security tools such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST) and Software Composition Analysis (SCA), as well as penetration testing and threat modeling.
Functional understanding of tooling integrations that support agile, CI/CD, and DevSecOps methodologies
Strong knowledge of software security risks and threats (such as OWASP Top 10)
Strong knowledge of vulnerability management processes and tools
Strong knowledge of secure software development life cycle.
Experience with threat modeling, software composition analysis, and vulnerability disclosure programs
Strong understanding of development methodologies, particularly Agile and DevOps.
Strong knowledge of cloud technologies and how to secure applications in the cloud
Able to explain impact of vulnerabilities and mitigating strategies to application development teams as well as work with the SOC on discovery and remediation.
Able to work independently with minimal guidance and act as coach to other team members as necessary.
Experience leading through influence
Communication experience, interpersonal experience, and experience working cross-functionally with various teams.
Certification in cloud security and CISSP is preferred.