Security Engineer

About First Connect:

First Connect Insurance Services is a digital platform providing independent insurance agents access to top US carriers and the optionality necessary to grow their businesses. Agents can work with over 120 carriers, selling various insurance policies, including home, auto, small business, and more. We’re on a mission to overhaul the technology agents have access to, putting consumer-grade software at their fingertips. We’ve got thousands of active agents with hundreds joining monthly and we plan to accelerate our growth.

Role Overview:

To support our continuous growth, we are looking for an experienced Security Engineer to identify and remediate security gaps across our applications and infrastructure. The ideal candidate will have demonstrated experience in secure application development, IT and information security, and a deep understanding of cloud environments and their inherent challenges. Experience working within a startup environment is the primary preference; knowledge of the digital insurance or fintech sectors is also beneficial.

Key Responsibilities:

• Collaborate and coordinate with external IT and Information Security teams to ensure seamless security operations and alignment on strategic initiatives. 
• Manage and maintain security across our applications and infrastructure, including Office365, email gateways, firewalls, and anti-malware systems.
• Monitor security systems for anomalies, respond to security alerts and incidents, and perform forensic analysis when required. 
• Handle internal and external security escalations. 
• Advocate for and drive the adoption of information security and secure practices throughout FirstConnect, including the Secure Software Development Lifecycle (SSDLC).
• Perform comprehensive architecture and security reviews on complex Cloud SAAS solutions and software.
• Participate in and support application security reviews and threat modelling, including static and dynamic code analysis.
• Identify and map attack surfaces, assess threats, and design and execute penetration tests against our products and infrastructure.
• Work with developers to ensure security principles are incorporated into engineering design and deployments.
• Develop mitigation strategies and build tools to automate and integrate security testing, compliance, and remediate vulnerabilities.

Qualifications:

• Strong knowledge of Windows, Macs and Linux security, Single Sign-On (SSO), and network security protocols (TCP/IP, HTTPS).
• Hands-on experience with security systems, including firewalls, intrusion detection systems (IDS), anti-virus software, and log management.
• Proven expertise in the detection, exploitation, and mitigation of common web application security vulnerabilities (e.g., OWASP Top 10).
• Experience conducting security-focused code reviews of JavaScript (Node, React) codebases.
• Strong development or scripting experience, with proficiency in JavaScript being essential.
• Solid knowledge of at least one modern cloud environment (e.g., AWS, Azure, GCP) and its security controls.
• In-depth knowledge of web security standards and authentication infrastructure (SAML, OAuth, JWT).
• Excellent problem-solving, analytical, and troubleshooting skills.

Preferred Qualifications: 

• Previous startup experience. 
• Work experience in the insurtech or fintech sectors.
• Industry certifications such as CISSP, CISM, OSCP, CEH, or GIAC.
• Familiarity with compliance and regulatory programs such as ISO 27001, NIST, and SOC.

Benefits & Perks:

First Connect treats its team members with the same level of dedication and care as we do our
customers, which is why we’re fortunate to provide our team with:

• Comprehensive Healthcare: Including private and public health insurance options for
  employees and their families.
• Retirement & Savings: Pension fund contributions and 8.33% severance fund allocation
  Annually.
• Equity Compensation: This role is eligible for equity.
• Time Off: 12 days of PTO annually, paid sick leave, and maternity/paternity leave per local regulations.
• Work-Life Balance: Flexible work schedules and time off to recharge.
• Career Growth: Training programs and internal mobility opportunities.

Exact compensation may vary based on several job-related factors that are unique to each candidate, including but not limited to: skill set, experience, education/training, location, business needs and market demands.

First Connect is an equal opportunity employer, and we are committed to building a team culture that celebrates diversity and inclusion.

Applicants are considered solely based on their qualifications, without regard to an applicant’s disability or need for accommodation. Any First Connect applicant who requires reasonable accommodations during the application process should contact the First Connect People Team to make the need for an accommodation known.