IT Security Application Analyst II

Information Technology Application Analyst

Tokio Marine HCC (TMHCC) brings 50 years of service to the specialty insurance industry, offering over 100 products to commercial customers in 180 countries. Our workforce of 4,300 worldwide has grown through organic expansion and 60 successful acquisitions, reaching a 2022 Gross Written Premium of $5 B.

TMHCC Stop Loss, a $2 B division, leads the way in providing medical stop‑loss insurance sold to employers. Medical Stop Loss protects self‑funding employers from catastrophic claims and is designed to complement health benefit plans.

Location
:
Kennesaw, GA – onsite (hybrid work: 3 days in office, 2 days remote).
Seniority level
:
Mid‑Senior
Employment type
:
Full‑time

The IT Security Application Analyst safeguards TMHCC’s enterprise applications by implementing and maintaining robust security controls and compliance measures. The role proactively identifies and mitigates vulnerabilities, manages access governance, and collaborates with IT and business teams to ensure secure, compliant, and resilient application environments across on‑premises and cloud systems.

• Partner with application development teams to embed security requirements and controls throughout the software development lifecycle (SDLC), including design, coding, testing, and deployment.
• Conduct security reviews of application architectures, design documents, and source code (e.g., static/dynamic analysis).
• Perform or review vendor application security assessments, penetration tests, and SOC 2 / ISO 27001 reports.
• Define and enforce secure coding standards and practices in alignment with OWASP Top 10 and TMHCC policies.
• Maintain and continuously improve the Application Security Policy, Secure Development Standards, and related procedures.
• Evaluate and integrate security automation tools (SAST, DAST, SCA) within CI/CD pipelines.
• Configure security tools in CI/CD pipelines (Git Hub Advanced Security, Veracode, Checkmarx, or similar).
• Provide security training and guidance to developers to foster a security‑first development culture.
• Evaluate third‑party software vendors for adherence to TMHCC’s security standards, including secure coding, vulnerability management, and data protection.
• Collaborate with Procurement and Legal to embed security requirements and due diligence in contracts and service agreements.
• Track and manage remediation of security issues identified in vendor solutions.
• Apply vendor risk management and third‑party software assessment practices.
• Develop key metrics and reporting for application and vendor security posture (e.g., vulnerability trends, remediation SLAs, risk acceptance tracking).
• Participate in architecture review boards and change advisory processes to ensure secure‑by‑design principles.
• Apply a strong understanding of secure development frameworks (e.g., OWASP SAMM, NIST SP 800‑218 SSDF).
• Use threat modeling methodologies (STRIDE, PASTA).
• Translate complex security risks into actionable development requirements.

• Bachelor’s degree in Computer Science, a related field, or equivalent experience.
• Preferred certifications: CISSP, CISM, or CISA.
• Strong knowledge of the NIST Cybersecurity Framework.
• Broad knowledge of security principles, practices, and procedures.
• Comprehensive understanding of industry‑accepted security architectures.
• Knowledge of authentication and access systems.
• General knowledge of cloud, networks, Windows, desktops, servers, and application systems.
• Experience with information security tools for intrusion monitoring, filtering, event management, compliance management, and vulnerability management.
• Familiarity with regulatory requirements (SOC 2, Sarbanes‑Oxley, HIPAA, US data privacy laws).
• Ability to implement security‑related projects and follow system information security policies, standards, and procedures.
• Effective written and verbal communication skills with confidentiality, tact, and diplomacy.
• Exceptional organizational and analytical skills; ability to manage multiple tasks simultaneously.
• Knowledgeable of industry changes, legal updates, and technical developments to respond proactively to changing business needs.
• Minimum physical requirements: capable of operating a computer, sustaining stationary work for extended periods, lifting up to 10 lb, and occasional travel up to 10 %.
• Overtime hours may be required.

• Generous paid time off (PTO) and 12 paid company holidays.
• 401(k) retirement plan with 6 % company match.
• Health, dental, and vision insurance.
• Long‑term disability and life insurance.
• Opportunities for advancement within a successful and growing organization.
• Flexible work schedules and a strong work‑life balance.
• Paid parental leave.
• Volunteer time off.
• Casual dress code and modern, comfortable office with free parking.
• Hybrid work schedule.

The Tokio Marine HCC Group of Companies is an equal‑opportunity employer.