Senior Application Security Engineer [Remote-US]

About Us

Quanata is on a mission to help ensure a better world through context-based insurance solutions. We are an exceptional, customer centered team with a passion for creating innovative technologies, digital products, and brands. We blend some of the best Silicon Valley talent and cutting-edge thinking with the long-term backing of leading insurer, State Farm.

Our Team

Quanata, LLC is an insurance technology innovation company that engineers advanced risk prediction and prevention solutions, develops risk-focused acquisition capabilities, and builds/supports a full-stack, flexible, digital & increasingly AI-native insurance platform. This helps our primary clients, State Farm and HiRoad Assurance Company, adapt to evolving market needs. Quanata, LLC is wholly owned and funded by State Farm. As a company that prioritizes an inclusive and positive culture, we believe the core of our success is in hiring talented people — across disciplines — who want to help us make a quantifiable impact.

The role

As a Senior Application Security Engineer, you will serve as the primary partner for web and backend engineering teams, helping embed security best practices throughout the software development lifecycle. You will support secure design, conduct threat modeling, review backend and frontend code, and lead integration of security tools into developer workflows. Your role bridges frontend and API security, and you'll be responsible for helping developers resolve complex security challenges across product surfaces.

Your day-to-day

• Partner with one product portfolio to facilitate overall product security management, emphasis on AI/ML-specific security concerns and cross-functional work with data science teams
• Perform security design reviews and threat modeling on APIs, web features, and service integrations, including integrating SAST, SCA, and DAST tools into CI/CD pipelines
• Support secure development practices across security champions and engineering
• Review source code and deployment configurations for security vulnerabilities
• Collaborate with developers to triage, fix, and validate vulnerability findings
• Participate in cross-functional incident response and remediation planning
• Draft and maintain AppSec guidance for engineering teams and security champions
• Contribute to security awareness and enablement across the engineering org
• Develop AppSec related integrations and deployments of automation solutions (ASVS scanning, burpsuite enterprise)
• Support application security integration reviews, saas security assessments, oss reviews

About you

• Bachelor’s degree or equivalent relevant experience and;
• 6 - 8 years of experience in application security or full-stack development with security expertise
• Strong understanding of secure coding in JavaScript/TypeScript, Node.js, and web standards
• Familiar with application risk and vulnerabilities (OWASP Top 10, API Security, SSRF, etc.)
• Experience with code scanning tools (e.g., CodeQL, Semgrep, SonarQube, Snyk)
• Comfortable reading and debugging complex codebases across the stack