Application Security Engineer
Company: MassMutual
Location: New York City
Posted on: November 27, 2025
Job Description:
Application Security Engineer, Application Security, Enterprise Cyber Security
Full-Time, Hybrid (Springfield, MA; Boston, MA; New York, NY)

The Opportunity
We are seeking an experienced Application Security Engineer with a passion for solving problems and being innovative to join our Application Security team and take charge of ensuring the confidentiality, integrity, and availability of our applications. The ideal candidate will have advanced knowledge of secure software development, extensive experience with identifying vulnerabilities, and the ability to implement robust security solutions. This role will require technical expertise in the secure software development lifecycle (SSDLC) and collaboration with development teams, security architects, and other stakeholders to integrate security best practices into all stages of the software development lifecycle.

The Team
Our Application Security team is dedicated to ensuring the security of MassMutual applications through rigorous assessments and proactive measures. While we collaborate closely with security architects, DevOps engineers, and software developers, our core team focuses on securing applications by identifying, risk assessing, prioritizing, and reporting vulnerabilities, providing remediation guidance, continuously monitoring applications for vulnerabilities, implementing security best practices, and assisting teams in remediating vulnerabilities. Our team brings various backgrounds and experiences spanning from software engineering to red teaming, valuing continuous learning, innovation, and collaboration.

The Impact:
Your key responsibilities will consist of the following to ensure applications are resilient against emerging threats, reducing potential financial and reputational damage from security incidents.
Conduct in-depth security assessments, including vulnerability scanning and code reviews.
Leverage automated tools and manual testing techniques to identify, risk-assess, and prioritize identified threats and application-level vulnerabilities (e.g., OWASP Top 10) and propose remediation strategies for them, ensuring our applications meet security standards and reducing exposure to data breaches.
Collaborate with security architects to design secure application architectures that align with industry best practices.
Ensure secure coding practices are followed and security controls are incorporated into software designs.
Conduct detailed threat modeling to identify attack vectors and potential weaknesses.
Collaborate with our SDLC Council to develop and maintain secure coding standards, empowering developers to integrate security into the development process.
Partner with DevOps teams to implement security within CI/CD (continuous integration & delivery) pipelines for automated and seamless deployment of secure code.
Actively participate in incident response activities related to application security breaches, providing rapid identification and mitigation guidance.
Ensure compliance with security regulations, frameworks, and industry standards such as OWASP.
Leverage reporting tools to demonstrate, through metrics (KPIs, KRIs, OKRs), the overall risk that vulnerabilities and code defects pose to MassMutual’s cyber assets, giving team leaders and executive leadership what they need for risk prioritization and risk-based decision-making.
Stay up to date with the latest security threats, vulnerabilities, and industry trends to inform and improve security strategies.
Strong problem-solving abilities and analytical thinking.
Excellent communication skills to explain security issues to both technical and non-technical stakeholders.
A team player with the ability to work in a collaborative, fast-paced environment.
Respond to cybersecurity incidents related to software and application vulnerabilities.

The Minimum Qualifications
Bachelor’s or master’s degree in Computer Science, Information Security, or a related field.
Minimum of 5 years of experience in application security, penetration testing, or secure software development.

The Ideal Qualifications
Relevant security certifications such as CEH, OSCP, or GWAPT from an industry-recognized certifier (e.g., SANS/GIAC, CompTIA, ISACA, ISC2, etc.).
Strong knowledge of secure software development methodologies, including threat modeling, code reviews, and static/dynamic analysis.
Experience in integrating security into DevOps (DevSecOps) and CI/CD environments.
Strong technical knowledge of web application security, infrastructure as code (IaC), container security, and API security.
Familiarity with cloud security (AWS, Azure, GCP) and containerized environments (Docker, Kubernetes).
Familiarity with SAST, DAST, and IAST tools.
Deep understanding of common vulnerabilities (e.g., OWASP Top 10) and their mitigations.
Advanced understanding and experience with writing source code (e.g., JavaScript, Java, C/C++/C#, Python, etc.) and familiarity with software security frameworks (e.g., Maven, Node, Gradle, etc.).
Experience with identifying security vulnerabilities/defects in Docker, containers, and Kubernetes.
Experience with cloud deployment and automation tools (Terraform, GitHub Actions, Jenkins, AWS CloudFormation templates, secrets managers).
Experience with incident response in the cybersecurity space.
Knowledge of compliance and regulatory frameworks (SOC 2, etc.).

MassMutual is an equal employment opportunity employer. We welcome all persons to apply. If you need an accommodation to complete the application process, please contact us and share the specifics of the assistance you need.

California residents: For detailed information about your rights under the California Consumer Privacy Act (CCPA), please visit our California Consumer Privacy Act Disclosures page.