Tokio Marine HCC · 8 hours ago
IT Security Application Analyst II
Tokio Marine HCC (TMHCC) is a specialty insurance company with a strong commitment to customer service and innovation. The IT Security Application Analyst II role is focused on safeguarding enterprise applications by implementing security controls, managing access governance, and collaborating with IT and business teams to ensure secure application environments.
Commercial · Financial Services · Insurance
Responsibilities
Partner with application development teams to embed security requirements and controls throughout the software development lifecycle (SDLC), including design, coding, testing, and deployment
Conduct security reviews of application architectures, design documents, and source code (e.g., static/dynamic analysis)
Conduct and/or review vendor application security assessments, penetration tests, and SOC 2 / ISO 27001 reports
Define and enforce secure coding standards and practices in alignment with OWASP Top 10 and TMHCC policies
Maintain and continuously improve the Application Security Policy, Secure Development Standards, and related procedures
Evaluate and integrate security automation tools (SAST, DAST, SCA) within CI/CD pipelines
Provide security training and guidance to developers to foster a security-first development culture
Evaluate third-party software vendors for adherence to TMHCC’s security standards, including secure coding, vulnerability management, and data protection
Collaborate with Procurement and Legal to embed security requirements and due diligence in contracts and service agreements
Track and manage remediation of security issues identified in vendor solutions
Develop key metrics and reporting for application and vendor security posture (e.g., vulnerability trends, remediation SLAs, risk acceptance tracking)
Participate in architecture review boards and change advisory processes to ensure secure-by-design principles are followed
Qualification
Required
4-year / Bachelor's degree in Computer Science, a related field, or the equivalent degree and/or experience
Strong understanding of secure development frameworks (e.g., OWASP SAMM, NIST SP 800-218 SSDF)
Familiarity with threat modeling methodologies (STRIDE, PASTA)
Ability to translate complex security risks into actionable development requirements
Strong knowledge of the NIST cybersecurity framework
Possess, and be able to apply, broad knowledge of principles, practices, and procedures
Thorough knowledge of industry accepted security architectures
Thorough knowledge of authentication and access systems
Able to effectively analyze risk within the context of business problems
General multi-platform information security knowledge in cloud, networks, Windows, desktops, servers, and application systems
Working knowledge of information security tools for intrusion monitoring, filtering, event management, compliance management and vulnerability management
General knowledge of regulatory requirements such as SOC 2, Sarbanes-Oxley, Health Insurance Portability & Accountability Act (HIPAA), along with US data privacy laws
Experience in following system information security policies, standards, and procedures
Experience implementing security-related projects
Excellent written and verbal communication skills with an emphasis on confidentiality, tact, and diplomacy
Exceptional organizational and analytical skills; demonstrated ability to manage multiple tasks simultaneously
Knowledgeable of industry changes, legal updates, and technical developments related to the applicable area of the Company's business to proactively respond to changing business
Ability to identify and assess the severity and potential impact of risks. Communicate risk assessment findings to risk owners outside the cybersecurity program in a way that consistently drives objective, fact-based decisions about risk that optimize the trade-off between risk mitigation and business performance
Overtime hours may be required to fulfill job responsibilities
May be required to remain stationary for extended periods of time
May be required to move up to 10 pounds
Must be able to operate a computer and other devices
Close vision and ability to adjust focus, such as required to read a computer screen
Occasional travel up to 10%
Preferred
Preferred but not required: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), and/or Certified Information Systems Auditor (CISA)
Experience integrating security tools into CI/CD pipelines (e.g., GitHub Advanced Security, Veracode, Checkmarx, or similar)
Experience with vendor risk management and third-party software assessments
Benefits
Generous paid time off (PTO), 12 paid company holidays
401(k) Retirement Plan with 6% company match
Health and dental insurance, and vision plan available
Company-provided long-term disability and life insurance
Opportunities for advancement in a successful and growing organization
Flexible work schedules and a great work/life balance
Paid Parental Leave
Volunteer Time Off
Enjoy casual dress and work in a modern, comfortable office with free parking
Hybrid work schedule
Company
Tokio Marine HCC
Tokio Marine HCC focuses on what matters most: our people.
H1B Sponsorship
Tokio Marine HCC has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data powered by the US Department of Labor)
[Chart: Distribution of Different Job Fields Receiving Sponsorship (highlighting job fields similar to this job); Trends of Total Sponsorships: 2022 (1), 2020 (3)]