Security Analyst (Remote)

National Interstate is a member of Great American Insurance Group. As one of the leading commercial transportation insurers in the nation, we offer risk financing solutions in all 50 states tailored to meet the needs of a wide variety of transportation classes. Our offerings include traditional insurance and innovative alternative risk transfer (ART) programs, including more than a dozen group captive programs catering to niche wheels markets. We are proud to be a multiple Northcoast 99 winner and Cleveland Plain Dealer Top Workplace in Northeast Ohio. It is because of our talented and dedicated team that we are able to live out our company values of integrity, transparency, fairness, accountability, empowerment and collaboration with each transaction we make. If you are ready to join an engaging and driven team such as ours, we would love to hear from you!JOB SUMMARY: This role will be focused on the security of our on-prem applications and out of box solutions through policies, practices, and implementation. The Application Security Analyst will recommend methods and techniques to improve security and will help establishing a culture of security across the various IT groups. Creates processes to support high quality security-operations and compliance in the internal application environment. Supports the achievement of compliance and regulatory goals.JOB RESPONSIBILITIES:Acts as SME for On-prem Application Security providing guidance, direction, and technical information on configuration, development, and implementation to other technical teams.Perform Information Security Risk assessments and vulnerability testing of applications and deployments and track the remediation of findings to reduce risks.Develop Information Security practices to ensure ongoing compliance of applications and out of box solutions to meet our Security Baselines.Recommends and develops security measures to protect information against unauthorized modification or loss.Ensures that the architecture and design of internal information systems are functional and secure.Participates in strategic project planning and recommends secure implementation strategies, access privileges and control structures.Manages the IAM program.Develop knowledge and skills with other teams to ensure the proper development and deployment in a secure manner.Provide support to enable automated CI:CD pipeline for ongoing development of in-house applications in a secure manner.Support audit processes for SOC, PCI, and NIST CSF reporting.Adhere to and be compliant, as applicable, with GLBA, FCRA, FCPA, HIPAA, CAN-SPAM, UDAP as well as all other federal, state, and local laws, and company policies and procedures.REQUIRED SKILLS: Deep understanding of how security impacts each stage of the development pipeline and the final product or service.Technical proficiency and familiarity in DevSecOps culture and up-to-date knowledge of threats and trends.Experience with tools and techniques for risk and vulnerability assessment, threat modeling, and analyzing threats.Experience in designing countermeasures to identified security risks, security controls based on cybersecurity principles and tenets, integration of hardware and software solutions.Ability to recognize vulnerabilities in security systems, develop and apply security system access controls.Skill in discerning the protection needs and security controls of information systems and networks, evaluating the adequacy of security designs, conducting audits or reviews of technical systems.Familiar with Agile development and the tools that enable agile development.Ability to be a team player with proficient communication skills and with thorough understanding of how security impacts each development phase.Ability to manage multiple deadlines and deliverables.Self-motivated and driven, capable of handling problems until resolved within accepted time tolerances - anticipates problems and identifies long-term implications of decisions and actions.QUALIFICATIONS : Bachelor''s Degree in related field or equivalent experience.4-6 years of previous work experience.Knowledgeable in enterprise information security best practices in a confidential and sensitive data environment in both on premise and in-cloud solutions.Experience in IT security and compliance.Experience in Source code management, scripting experience (Python, Ruby, PowerShell, etc.) and working with various coding languages.Knowledge of CI:CD capable technologies as well as implementation and integrations.Experience with various industry standards and controls (PCI, NIST, ISO, SOC, etc.).Effective verbal and written communication of concerns and recommendations to team members and pany:NIC National Interstate CorporationNumber of Positions:1

Created: 2025-10-04