Application Cybersecurity Solutions Engineer

We deliver our customers peace of mind every day by helping them protect what they value most. Our passion for placing the customer at the center of everything we do is driving a transformational shift at Liberty Mutual. Operating as a tech startup within a Fortune 100 company, we are leading a digital disruption that will redefine how people experience insurance. The Liberty Mutual Global Cybersecurity (GCS) BISO organization is seeking a Cybersecurity Solutions Engineer focused on proactively identifying, consulting and managing cybersecurity risks aligned to support our Global Digital Services (GDS) organization. As a modern infrastructure and operations organization, GDS leads and enables Liberty’s technology direction, supporting business needs to operate remotely and collaborate globally. They are responsible for core enterprise infrastructure systems and emphasize process efficiency, automation, resiliency and platform standardization at global scale.

As a Cybersecurity Solutions Engineer team member within our Business Information Security Office (BISO), your role acts as a bi-directional partner to GDS creating alignment between GDS objectives and the enterprise cybersecurity strategy. The Cybersecurity Solution Engineer ensures business decisions adhere to corporate cybersecurity policies, standards and are implemented with security top of mind, while being mindful to the practicalities of speed, agility, and business results. Based on GDS strategic security needs, the Cybersecurity Solution Engineer will be a key partner in the creation of solutions to remediate or mitigate cybersecurity risks.

For this role we are seeking a Cybersecurity Solution Engineer to focus upon driving our application security program within GDS. You will partner with delivery teams to embed security into the software development lifecycle (SSDLC), work closely with engineering and product teams, and facilitate developer outreach and vulnerability management efforts. Help drive the secure usage of AI throughout the SDLC, as well as driving remediation efforts at scale. This role combines technical delivery (threat modeling, code review, secure architecture guidance) with program leadership (KPIs, Issues Management, executive reporting, security culture). Ensure secure by design principles are incorporated as part of GDS service delivery to Liberty Mutual.

Responsibilities

• Provide technical consultation across a wide variety of technical cybersecurity domains such as Secure DevOps, Identity & Access Management, Threat & Vulnerability Management, Data Protection, Cloud Security, Network and Cloud environments     
• Perform threat modeling, security design reviews, and technical remediation guidance for new and existing system interfacing with engineers, architects, product owners or leaders.     
• Drive proactive identification of threats and vulnerabilities and coordinate remediation prioritization and implementation across stakeholders.     
• Review source code and advise on vulnerabilities and validate risk ratings.       
• Drive secure-by-design patterns across services and APIs, including secure protocol and API design, cryptography guidance, and key/certificate management best practices.       
• Build, measure and report AppSec program maturity and effectiveness using KPIs/KRIs; maintain application security issue register and provide visibility on progress to senior leadership.      
• Lead developer outreach within GDS by partnering with BISO peers to create practical guidance, training, and a security champions program to raise security awareness and adoption.        
• Mentor engineering teams on secure development practices and act as an escalation point for complex application security issues.       
• Support and coordinate between threat intelligence, cyber defense and offensive security teams for GDS applications and services.
• Stay current on evolving threats, regulatory requirements, and industry best practices, and incorporate them into application security program
• improvements.

• Bachelor`s or Master`s degree in technical discipline or equivalent experience; technical Master`s degree preferred
• 10+ years of experience in cybersecurity, including a minimum of 3 years in an application security role.
• 5+ years designing and developing software (demonstrated ability to read, understand, and review source code).
• Proven experience building and scaling application security programs in enterprise environments and influencing outcomes across large, matrixed organizations.
• Strong understanding of threat modeling, vulnerability management, OWASP Top 10, and modern application security risks.
• Deep practical knowledge of secure software development practices, DevSecOps principles, and CI/CD tooling and infrastructure-as-code automation with familiarity with platforms such as GitHub Actions, Confluence, JIRA.
• Hands-on experience with static code analysis (SAST), dynamic application scanning (DAST), dependency/SCA tools, and managing false positives.
• Experience securing cloud-based platforms and applications; multi-cloud experience desired, AWS experience preferred
• Experience securing containerized/Kubernetes deployments and modern microservices architectures.
• Familiarity with penetration testing or ethical hacking techniques
• Prior experience developing, maintaining and reporting for application security KPIs/KRIs
• Strong stakeholder management, communication, and leadership skills — able to translate technical risk into business impact and influence senior leaders
• Industry cybersecurity and/or technology certifications are an expectation
• Negotiation skills; oral and written communication skills
• Ability to work CT or EST is required