At a Glance
- Tasks: Enhance application security by embedding controls in the software development lifecycle.
- Company: Join Tokio Marine HCC, a leading Specialty Insurer with a collaborative culture.
- Benefits: Competitive salary, dynamic work environment, and growth opportunities.
- Why this job: Make a real impact on application security while working with innovative technologies.
- Qualifications: Experience in Application Security and knowledge of secure coding principles required.
- Other info: Be part of a rapidly growing team that values creativity and empowerment.
The predicted salary is between £36,000 and £60,000 per year.
Tokio Marine HCC is one of the world’s leading Specialty Insurers. With deep expertise in our chosen lines of business, our unparalleled track record and a solid balance sheet, TMHCC evaluates and manages risk like no one else in the industry. Looking beyond profit, empowering our people and delivering on our commitments are at the core of our customer values, along with a desire to grow and provide creative and innovative solutions to our clients.
About Operations: Operations sits at the heart of TMHCC, ensuring the smooth running of all business processes — from policy administration and claims handling to data, technology, and delivery. We focus on driving efficiency which enables our teams across the business to deliver exceptional results every day.
Job Purpose: To support and enhance TMHCC’s application security capability by embedding security controls into the software development lifecycle, working hands-on with engineering teams to identify, assess, and remediate application security risks. You will provide support across all application security technologies and processes to monitor and respond to vulnerabilities detected across our application landscape.
Key Responsibilities:
- Support the application security testing programme through the use of approved enterprise tools for SAST, SCA, DAST, API security and penetration tests.
- Validate findings and perform manual security reviews across web, API, and internal applications.
- Triage, validate, and prioritise vulnerabilities in collaboration with development and application teams, ensuring findings are risk-based and actionable.
- Track remediation activities and support timely closure of vulnerabilities, including root-cause analysis to reduce recurring issues.
- Support secure development by contributing to secure coding standards, guidelines, and reusable security components or guardrails.
- Operate application security tooling within CI/CD pipelines to enable DevSecOps practices.
- Work closely with developers to provide guidance, improve secure coding practices, and support delivery objectives.
- Maintain application security metrics, dashboards, and reports for technical teams and stakeholders, ensuring alignment with internal policies and governance requirements.
Performance Objectives:
- Effectively operate application security tooling (e.g. SAST, SCA, DAST, API security) within existing SDLC and CI/CD processes, ensuring vulnerabilities are accurately triaged, prioritised, and communicated to engineering teams.
- Partner with development teams to analyse vulnerabilities, provide technically accurate remediation guidance, and reduce the recurrence of common application security flaws.
- Deliver application security metrics and reporting, maintaining dashboards and tracking remediation progress to support risk visibility, governance, and stakeholder decision-making.
Skills and Experience Specification:
- Hands-on experience in Application Security, DevSecOps, or a related security engineering role.
- Practical experience operating and supporting application security tooling for SAST, SCA, DAST, and API security within an enterprise environment.
- Strong understanding of secure coding principles and common application vulnerabilities, including OWASP Top 10 and MITRE Top 25.
- Experience triaging, validating, and prioritising vulnerabilities, working with development teams to support effective remediation.
- Ability to read and understand code in at least one modern programming language (e.g. C#, JavaScript, Python).
- Familiarity with CI/CD pipelines and integrating security controls into development workflows (e.g. GitHub, Azure DevOps).
- Understanding of authentication and authorisation concepts, including OAuth, OIDC, SSO, and role-based access control.
- Experience maintaining security metrics, dashboards, or reports to support risk visibility and governance.
Desirable:
- Experience supporting or contributing to DevSecOps automation, including scripting with Python, Bash, or similar languages.
- Knowledge of software supply chain security, including dependency management and artefact repositories (e.g. Artifactory).
- Exposure to cloud-native and containerised environments, including AWS or Azure, Kubernetes, and microservices architectures.
The Tokio Marine HCC Group of Companies offers a competitive salary and employee benefit package. We are a successful, dynamic organization experiencing rapid growth and are seeking energetic and confident individuals to join our team of professionals. The Tokio Marine HCC Group of companies is an equal opportunity employer.
Senior Application Security Analyst employer: Tokio Marine HCC International
Contact Detail:
Tokio Marine HCC International Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land the Senior Application Security Analyst role
✨Tip Number 1
Network like a pro! Reach out to folks in the industry, attend meetups, and connect with people on LinkedIn. You never know who might have the inside scoop on job openings or can refer you directly.
✨Tip Number 2
Prepare for those interviews by practising common questions and scenarios related to application security. We recommend doing mock interviews with friends or using online platforms to get comfortable with your responses.
✨Tip Number 3
Showcase your skills! Create a portfolio or GitHub repository that highlights your projects and contributions in application security. This gives potential employers a tangible look at what you can bring to the table.
✨Tip Number 4
Don’t forget to apply through our website! It’s the best way to ensure your application gets seen by the right people. Plus, it shows you’re genuinely interested in joining our team at Tokio Marine HCC.
Some tips for your application 🫡
Tailor Your Application: Make sure to customise your CV and cover letter for the Senior Application Security Analyst role. Highlight your hands-on experience with application security tools and your understanding of secure coding principles. We want to see how your skills align with what we're looking for!
Showcase Your Experience: When detailing your past roles, focus on specific projects where you’ve triaged vulnerabilities or worked with development teams. Use concrete examples to demonstrate your ability to improve secure coding practices. This helps us see the real impact you've made in previous positions.
Be Clear and Concise: Keep your application clear and to the point. Avoid jargon unless it’s relevant to the role. We appreciate straightforward communication, so make sure your key achievements and skills stand out without unnecessary fluff.
Apply Through Our Website: We encourage you to apply directly through our website. It’s the best way for us to receive your application and ensures you’re considered for the role. Plus, it shows you’re keen on joining our team at Tokio Marine HCC!
How to prepare for a job interview at Tokio Marine HCC International
✨Know Your Application Security Tools
Familiarise yourself with the specific application security tools mentioned in the job description, like SAST, DAST, and API security. Be ready to discuss your hands-on experience with these tools and how you've used them to identify and remediate vulnerabilities in past roles.
✨Understand Secure Coding Principles
Brush up on secure coding principles and the OWASP Top 10 vulnerabilities. You might be asked to explain how you would approach securing an application or to provide examples of common vulnerabilities you've encountered and how you addressed them.
✨Showcase Your Collaboration Skills
Since this role involves working closely with development teams, prepare examples that demonstrate your ability to collaborate effectively. Think about times when you’ve successfully communicated security risks and worked with developers to implement solutions.
✨Prepare for Technical Questions
Expect technical questions that assess your understanding of application security concepts and practices. Be ready to discuss your experience with CI/CD pipelines and how you’ve integrated security controls into development workflows. Practising coding problems or scenarios can also help you feel more confident.