Taking care of our customers, our communities and each other. That's the Travelers Promise. By honoring this commitment, we have maintained our reputation as one of the best property casualty insurers in the industry for over 160 years. Join us to discover a culture that is rooted in innovation and thrives on collaboration. Imagine loving what you do and where you do it.
Job Description SummaryYou will be a point of contact for the Claim Cloud Security program. You will provide cloud security expertise in the analysis, assessment, development, and evaluation of security solutions and architectures to secure Claim assets in the cloud. You will be responsible for both ensuring application and data security for on-prem and cloud solutions. You will be the point of contact for threat modeling activities for Claim and patterns for encryption and key management in the cloud. You will be responsible for working with Claim architects and software engineers, within the Value Streams, to help guide them through the security activities as we move assets to the cloud. You will work closely with the Claim Architecture Review Board to identify architectural patterns in use and work with the teams we address known and emerging threats.
The successful candidate for this role will be expected to think like an attacker and anticipate how they might exploit weaknesses. You will be responsible for researching relevant attack methods and engage with other LOBs and Travelers centralized Cybersecurity group to help ensure that all relevant risks are identified and addressed throughout the DevSecOps process. Thorough understanding of cloud threats and the ability to drive technical solutions enables the Cloud Security Engineer to work on exciting challenges and work with cutting edge technology in the cloud. As threats, regulatory requirements, and business challenges change, this role will contribute to the development of Claim Cloud Security Framework. The Cloud Security Engineer will be engaged with many teams within Value Streams and be responsible for identifying new patterns and supporting the teams embrace cloud for the use of cloud services.
This includes creation of standards and procedures as they relate to the SDLC process including such areas as peer code review, cloud encryption and key management standards, and definition of artifacts that can be utilized for audit purposes. You will work directly with Agile teams to ensure security is embedded throughout the entire development process while ensuring minimal impact to schedules. You will work closely with software engineers to help ensure that a culture of security is woven into the development cycle and identify opportunities to shift identification of vulnerabilities to earlier in the development process. You will serve as the conduit between Claim software engineers and the centralized Cybersecurity group.
Primary Job Duties & Responsibilities
- Point of contact for the Claim Cloud Security program.
- Drive the development of cloud security patterns in collaboration with the enterprise, including encryption and key management supporting Claim outcomes
- Work directly with Claim architects and software engineers to help guide them through securing assets in the cloud.
- Research relevant attack methods and engage with other LOBs to help ensure that all relevant risks are identified and addressed.
- Guide product and engineering teams in building secure features through security architecture design reviews and threat modeling.
- Be an advocate for cloud security and secure coding practices across all engineering teams.
- Use attack driven techniques to defend our applications and systems by discovering weaknesses in our web and mobile application portfolio.
- Work with the value stream circles to ensure security and data protection is embedded throughout the entire development process
- Serve as the conduit between Claim software engineers and Travelers Cybersecurity.
- High school diploma or equivalent required.
- Five years of work experience within Computer Science or a related field required.
Education, Work Experience, & Knowledge
- Bachelor's Degree in a STEM (Science, Technology, Engineering, Math) discipline preferred.
- Seven years of relevant experience with Cybersecurity practices, processes, and Cybersecurity event investigation/resolution preferred.
- Broad knowledge of all IT related technologies with subject matter expertise in IT Security related technology and business exposures impacting organizational vitality preferred.
- Ability to work independently and as part of a team.
- Certifications such as AWS Certified Security specialist.
- Experience developing information security standards and procedures.
- Penetration testing, Web Application Penetration testing a plus.
- Experience assessing and documenting the design of security controls to mitigate risk.
- Ability to influence and set technical direction.
- Skilled at contributing and communicating your expert knowledge of concepts to a broader audience.
Job Specific Technical Skills & Competencies
- Bachelor's degree in computer science, information technology, or equivalent experience in related fields.
- Demonstrated ability to interact with all levels of personnel within an organization.
- Strong written and verbal communications skills.
- Experience in developing in common languages such as .NET, Java, React, Angular, etc.
- Experience in encryption and key management with on-prem and cloud solutions.
- Experience in AWS is required.
- Experience in Data & Analytics space both on-prem and cloud is a plus.
- Experience with Test Data Management tools such as Informatica is a plus.
- Experience designing and architecting in AWS is a plus.
Environmental / Work Schedules / Other
- On call as needed.
Travelers is an equal opportunity employer. We value the unique abilities and talents each individual brings to our organization and recognize that we benefit in numerous ways from our differences.
If you have questions regarding the physical requirements of this role, please send us an email so we may assist you.
Travelers reserves the right to fill this position at a level above or below the level included in this posting.