Application Security Analyst

Tokio Marine HCC

Greater London

On-site

GBP 60,000 - 80,000

Full time

Today

Job summary

A leading specialty insurer in London is seeking an Application Security Analyst to enhance security measures in the software development lifecycle. The role involves supporting application security testing, validating vulnerabilities, and working closely with development teams to improve secure coding practices. Candidates should have hands-on experience in application security, strong understanding of secure coding principles, and familiarity with CI/CD pipelines. This position offers a competitive salary and a dynamic work environment.

Benefits

Competitive salary
Employee benefit package

Qualifications

  • Hands-on experience in Application Security, DevSecOps, or a related security engineering role.
  • Strong understanding of common application vulnerabilities, including OWASP Top 10.
  • Experience triaging and validating vulnerabilities with development teams.

Responsibilities

  • Support application security testing programme using enterprise tools.
  • Validate findings and perform manual security reviews across applications.
  • Track remediation activities and support timely closure of vulnerabilities.

Skills

Hands-on experience in Application Security
Understanding of secure coding principles
Experience with SAST, SCA, DAST
Ability to read code in C#, JavaScript, or Python

Tools

CI/CD pipelines
GitHub
Azure DevOps

Job description

Application Security Analyst

locations: UK - London (St Botolph)
time type: Full time
posted on: Posted Today
job requisition id: 2026-110

Job Title: Application Security Analyst
Reporting to: Application Security Lead
Direct Reports: None
Position Type: Full Time

Why

Standing still is not an option in the current world of Insurance. TMHCC is one of the world’s leading Specialty Insurers. With deep expertise in our chosen lines of business, our unparalleled track record and a solid balance sheet, TMHCC evaluates and manages risk like no one else in the industry. Looking beyond profit, empowering our people and delivering on our commitments are at the core of our customer values, along with a desire to grow and provide creative and innovative solutions to our clients.

About Operations

Operations sits at the heart of TMHCC, we ensure the smooth running of all business processes — from policy administration and claims handling to data, technology, and delivery. We focus on driving efficiency which enables our teams across the business to deliver exceptional results every day. Our value statement: Ops makes it happen.

Operations is made up of 7 functions, this role sits within: IT

We are the foundation for TMHCC’s success - enabling the business to grow, compete, and innovate through technology, security, and solution design. From shaping strategy to delivering resilient operations, we ensure every capability is aligned to business value. Our inclusive and collaborative culture empowers everyone to explore ideas, solve meaningful challenges, and build fulfilling careers that make a real impact.

Job Purpose

To support and enhance TMHCC’s application security capability by embedding security controls into the software development lifecycle, working hands-on with engineering teams to identify, assess, and remediate application security risks.

Reporting to the Application Security Lead in the Business Information Security Office, you will provide support across all application security technologies and processes to monitor and respond to vulnerabilities detected across our application landscape.

Key Responsibilities

  • Support the application security testing programme through the use of approved enterprise tools for SAST, SCA, DAST, API security and penetration tests.
  • Validate findings and perform manual security reviews across web, API, and internal applications.
  • Triage, validate, and prioritise vulnerabilities in collaboration with development and application teams, ensuring findings are risk-based and actionable.
  • Track remediation activities and support timely closure of vulnerabilities, including root-cause analysis to reduce recurring issues.
  • Support secure development by contributing to secure coding standards, guidelines, and reusable security components or guardrails.
  • Operate application security tooling within CI/CD pipelines to enable DevSecOps practices.
  • Work closely with developers to provide guidance, improve secure coding practices, and support delivery objectives.
  • Maintain application security metrics, dashboards, and reports for technical teams and stakeholders, ensuring alignment with internal policies and governance requirements.

Performance Objectives

  • Effectively operate application security tooling (e.g. SAST, SCA, DAST, API security) within existing SDLC and CI/CD processes, ensuring vulnerabilities are accurately triaged, prioritised, and communicated to engineering teams.
  • Partner with development teams to analyse vulnerabilities, provide technically accurate remediation guidance, and reduce the recurrence of common application security flaws.
  • Deliver application security metrics and reporting, maintaining dashboards and tracking remediation progress to support risk visibility, governance, and stakeholder decision-making.

Skills and Experience Specification

Essential

  • Hands-on experience in Application Security, DevSecOps, or a related security engineering role.
  • Practical experience operating and supporting application security tooling for SAST, SCA, DAST, and API security within an enterprise environment.
  • Strong understanding of secure coding principles and common application vulnerabilities, including OWASP Top 10 and MITRE Top 25.
  • Experience triaging, validating, and prioritising vulnerabilities, working with development teams to support effective remediation.
  • Ability to read and understand code in at least one modern programming language (e.g. C#, JavaScript, Python).
  • Familiarity with CI/CD pipelines and integrating security controls into development workflows (e.g. GitHub, Azure DevOps).
  • Understanding of authentication and authorisation concepts, including OAuth, OIDC, SSO, and role-based access control.
  • Experience maintaining security metrics, dashboards, or reports to support risk visibility and governance.

Desirable

  • Experience supporting or contributing to DevSecOps automation, including scripting with Python, Bash, or similar languages.
  • Knowledge of software supply chain security, including dependency management and artefact repositories (e.g. Artifactory).
  • Exposure to cloud-native and containerised environments, including AWS or Azure, Kubernetes, and microservices architectures.

What We Offer

The Tokio Marine HCC Group of Companies offers a competitive salary and employee benefit package. We are a successful, dynamic organization experiencing rapid growth and are seeking energetic and confident individuals to join our team of professionals.

The Tokio Marine HCC Group of companies is an equal opportunity employer. Please visit for more information about our companies.