Application Security Architect

Tokio Marine HCC•Houston, TX

22h•Onsite

About The Position

Tokio Marine HCC is a leading specialty insurance group with offices in the United States, the United Kingdom, Europe, Ireland, and other exciting locations. With the strength and stability that comes from being a member of the Tokio Marine Group, and more than forty years of growth, profitability, and stability, we offer important insurance products that most people don’t even know exist. Every policy we write is special, enabling our clients to do amazing things. From insuring the crops that feed us to the rock concerts that entertain us, to rescuing international travelers in trouble, we offer more than 100 classes of specialty insurance. Applying our Mind Over Risk philosophy to writing insurance allows our customers to take on opportunity with confidence. That philosophy defines our way of thinking, unites us as a team, and differentiates us from our competitors. We are much more than just an insurance company; we are a good company. We are seeking an Application Security Architect to join our Corporate Security team. In this role, you will serve as a trusted advisor and technical leader, driving secure design principles and modern security practices across a global, federated enterprise. You will collaborate closely with software development, infrastructure, and cloud engineering teams to ensure our applications are secure, scalable, and aligned with TMHCC’s enterprise standards. As part of a dynamic and collaborative environment, you will influence the adoption of secure coding practices, integrate security into development pipelines, and shape the future of application security across multiple business units.

Requirements

Bachelor’s degree in Computer Science, Cybersecurity, or related technical field (or equivalent experience).
Minimum of 5 years of experience in software development, software security, or application architecture.
Experience with AWS and/or Azure application security best practices.
Strong knowledge of web application security principles, OWASP Top 10, and secure SDLC.
Experience designing and securing modern architectures (microservices, APIs, containers, serverless).
Proficiency in at least one major programming language (C#/.NET or Python).
Familiarity with application security tools (SAST, DAST, SCA, IAST, secrets scanning).
Excellent communication, influence, and collaboration skills across technical and non-technical stakeholders.

Nice To Haves

Relevant certifications such as CISSP, CSSLP, or GIAC preferred.
Background in financial services, insurance, or other regulated industries is a plus.

Responsibilities

Shape and influence enterprise application security strategy across TMHCC’s federated business model.
Define, advocate for, and implement secure design principles across cloud-native, containerized, and on-premises environments.
Develop and maintain secure architecture blueprints and reusable security patterns for enterprise adoption.
Conduct threat modeling and application architecture reviews to proactively identify and mitigate risks early in the lifecycle.
Integrate security testing tools (SAST, DAST, SCA, IAST, secrets scanning) into enterprise and business unit CI/CD pipelines.
Partner with DevOps, Infrastructure, and Cloud teams to embed security into development workflows and platform engineering practices.
Collaborate with developers, architects, and business unit leaders to promote secure development and consistent security standards.
Support incident response, risk, and compliance teams with application-related assessments and investigations.
Research emerging threats and technologies to continuously enhance TMHCC’s application security maturity.