Lead Application Security Engineer
Introduction
You desire impactful work. You’re RGA ready. RGA is a purpose-driven organization working to solve today’s challenges through innovation and collaboration. A Fortune 200 Company and listed among its World’s Most Admired Companies, we’re the only global reinsurance company to focus primarily on life- and health-related solutions. Join our multinational team of intelligent, motivated, and collaborative people, and help us make financial protection accessible to all.
Job Summary
The Lead Application Security Engineer will help reduce risk across our application portfolio by partnering with engineers and product teams, coordinating external penetration tests, and turning findings into prioritized, trackable remediation work. This position will run and configure application security tooling—SAST, DAST, SCA, and secrets scanning—integrating results into engineering workflows and helping teams focus on the fixes that matter most.
Principal Duties
- Coordinate external penetration tests (scoping, scheduling, access, and logistics) across multiple application teams.
- Partner with application owners to triage findings, validate impact, and prioritize remediation based on risk and business context.
- Operate, tune, and maintain SAST and SCA tooling (rulesets, baselines, false-positive management, and integrations) to improve signal-to-noise.
- Run and configure DAST scanning and validate results with engineering teams, including safe testing practices and environment coordination.
- Implement and operate secrets scanning across source control and CI/CD, and partner on prevention patterns (rotation, vaulting, and developer guidance).
- Integrate findings into ticketing and SDLC workflows, define SLAs, and track remediation progress to closure with clear ownership.
- Create lightweight standards, guidance, and enablement so application teams can remediate faster without security becoming a blocker.
Requirements
- Bachelor’s Degree in Arts/Sciences (BA/BS) or equivalent experience - Required
- Master’s degree in Arts/Sciences (MA/MS) or professional industry certification - Preferred
- 6+ years in application security, product security, or software engineering with a security focus.
- Experience coordinating and/or consuming third-party penetration tests and translating results into actionable remediation plans.
Skills and Abilities
- Strong hands-on skill with Terraform, Python, Bash, and CI/CD (Jenkins or equivalent).
- Hands-on experience running and configuring SAST, DAST, SCA, and secrets scanning.
