Security Engineer

As a Security Engineer, you will focus on strengthening product and application security by applying best practice cybersecurity and AI safeguards. It drives "shift left" initiatives to integrate automated security controls early in the software development lifecycle, working closely with cloud and engineering teams to improve secure coding practices.

Come and join us to shape the future of the insurance industry!

SCOR Digital Solutions is a global insurance consultancy helping insurers worldwide to grow sustainably. A critical part of the SCOR Group, we are specialised in developing industry-leading digital solutions for every part of the consumer journey, from underwriting, to engagement, to claims. By combining SCOR's comprehensive data and analytical expertise with the award-winning capabilities of our in-house product and technical teams, our solutions are helping insurers to transform the experience of their consumers worldwide. We also conduct annual research with more than 12,500 insurance consumers in 22 key markets around the world, ensuring our solutions are always imbued with the voice of today's consumers.

As a Security Engineer, you will focus on strengthening product and application security by applying best‑practice cybersecurity and AI safeguards. It drives "shift‑left" initiatives to integrate automated security controls early in the software development lifecycle, working closely with cloud and engineering teams to improve secure coding practices.

This job has a broad remit encompassing - but not limited to - the work areas below:

• Help secure our products and applications that may introduce cybersecurity and AI risks, apply established security best practices and continuously improve our security design posture.
• Coordinate "shift left" security efforts to automate and scale security into the software development lifecycle and infrastructure security. Collaborate closely with cloud engineers and application teams to instill secure coding and other security best practices.
• Ability to embed AI agents into the development pipelines to aid threat modeling and embedding appropriate security measures into these workflows.
• Participate in secure design reviews, helping identify risks, attack surfaces, and mitigation measures in line with OWASP Top 10, SANS CWE Top 25, and industry best practices,
• Contribute to developing and maintaining tooling used for secure code reviews and support developers by answering questions and advising remediation of vulnerabilities.
• Support the vulnerability management program by helping integrate vulnerability data sources, assisting with prioritization logic, and working with engineering teams to remediate identified vulnerabilities.
• Support security audit efforts (e.g., ISO 27001, SOC Type 2) by assisting with control implementation activities and evidence collection.
• Assist with the analysis of security incidents and support of the security operations center (SOC) during investigation and resolution of security alerts.
• Handling and responding to operational security requests, ensuring timely resolution in accordance with defined procedures and SLAs.

The successful candidate for this job will be enthusiastic about the responsibilities above, and will have a skillset which complements the job well, including:

• 3+ years of experience in Application Security, Secure Software & Application development, or related fields, preferably in a product-led, cloud, or SaaS environment.
• You are a thoughtful and responsible security professional - Someone who is proactive, eager to learn, and comfortable seeking input and feedback.
• Solid understanding of OWASP Top 10, secure coding standards, vulnerability management penetration testing methodologies, and common web/mobile vulnerabilities.
• Practical knowledge of web technologies (e.g. Cloud IaC) and at least one modern programming language (e.g., Python, Terraform).
• Experience in securing mobile/ web applications (iOS and Android) through static and dynamic analysis.
• Have hands-onon experience with modern application stacks, infrastructure (Cloud native environment), and security tools, and apply them to help implement pragmatic defenses.
• Work with a learning mindset cross-functionally with engineers of all levels to build security into the software development life cycle. Leverage creative and strategic thinking to reduce risk through secure design and simplicity, not just controls.
• Embody a proactive mindset to embed security throughout the product lifecycle through activities like threat modeling, secure code review, and education.
• Have a good understanding of common offensive security techniques and attacker mindsets to help identify and anticipate application security risks.
• You can easily partner and forge relationships with cross-functional teams and stakeholders