More jobs:
IT Security Application Analyst II
Job in
Canton, Cherokee County, Georgia, 30169, USA
Listed on 2026-02-12
Listing for:
Tokio Marine HCC
Full Time
position Listed on 2026-02-12
Job specializations:
-
IT/Tech
Cybersecurity, Information Security, IT Consultant
Job Description & How to Apply Below
Georgia - Kennesawtime type:
Full time posted on:
Posted Todayjob requisition :
2026-31
Tokio Marine HCC (TMHCC) brings 50 years of service to the specialty insurance industry, today offering over 100 products to commercial customers in 180 countries around the world. Organic growth and over 60 successful acquisitions have grown our 2022 Gross Written Premium (GWP) to $5 Billion. Our workforce has grown to 4,300 worldwide … big, but not so big that you cannot make a difference.
Our Good Company values, including integrity, empowerment, and commitment to customer service, and a culture of innovation, communication, and collaboration make TMHCC a great place to work.
TMHCC Stop Loss, a $2 Billion division within TMHCC, leads the way in providing medical stop loss insurance sold to employers. Medical Stop Loss provides an added layer of insurance protection to employers who choose to self-fund their health benefit plans. Self-funding can incur risks from catastrophic claims, and Medical Stop Loss insurance from Tokio Marine HCC is designed to protect employers from that risk.
*** This role is ONSITE and located in Kennesaw, GA
**
* Position Summary:
The IT Security Application Analyst safeguards TMHCC’s enterprise applications by implementing and maintaining robust security controls and compliance measures. This role proactively identifies and mitigates vulnerabilities, manages access governance, and collaborates with IT and business teams to ensure secure, compliant, and resilient application environments across on-premises and cloud systems.
Key Responsibilities:
* Partner with application development teams to embed security requirements and controls throughout the software development lifecycle (SDLC), including design, coding, testing, and deployment.
* Conduct security reviews of application architectures, design documents, and source code (e.g., static/dynamic analysis).
* Conduct and/or review vendor application security assessments, penetration tests, and SOC 2 / ISO 27001 reports.
* Define and enforce secure coding standards and practices in alignment with OWASP Top 10 and TMHCC policies.
* Maintain and continuously improve the Application Security Policy, Secure Development Standards, and related procedures.
* Evaluate and integrate security automation tools (SAST, DAST, SCA) within CI/CD pipelines.
* Experience integrating security tools into CI/CD pipelines (e.g., Git Hub Advanced Security, Veracode, Checkmarx, or similar).
* Provide security training and guidance to developers to foster a security-first development culture.
* Evaluate third-party software vendors for adherence to TMHCC’s security standards, including secure coding, vulnerability management, and data protection.
* Collaborate with Procurement and Legal to embed security requirements and due diligence in contracts and service agreements.
* Track and manage remediation of security issues identified in vendor solutions.
* Experience with vendor risk management and third-party software assessments.
* Develop key metrics and reporting for application and vendor security posture (e.g., vulnerability trends, remediation SLAs, risk acceptance tracking).
* Participate in architecture review boards and change advisory processes to ensure secure-by-design principles are followed.
* Strong understanding of secure development frameworks (e.g., OWASP SAMM, NIST SP 800-218 SSDF).
* Familiarity with threat modeling methodologies (STRIDE, PASTA).
* Ability to translate complex security risks into actionable development requirements
Education, Experience & Knowledge:
* 4 Year / Bachelors in Computer Science, a related field, or the equivalent degree and/or experience
* Preferred but not required Certified Information System Security Professional(CISSP), Certified Information Security Manager (CISM), and/or Certified Information Systems Auditor(CISA)
* Hybrid work position with 3 days at our Kennesaw Office and 2 days remote.
* Ability to identify and assess the severity and potential impact of risks. Communicate risk assessment findings to risk owners outside the…
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
Search for further Jobs Here:
×