Senior Application Security Engineer & Technical Lead

Marsh McLennan

What can you expect?

• Lead the application development within Marsh McLennan as a technical expert and mentor • Drive security excellence through hands-on code reviews, architecture guidance, and technical leadership • Create and maintain security-focused boilerplate code, libraries, and frameworks for development teams • Serve as the technical bridge between security requirements and engineering implementation • Shape the security posture of applications through deep technical involvement in the development lifecycle

What is in it for you?

• Marsh McLennan offers competitive employee benefits and a thriving culture • A company with a strong Brand and strong results to match • Employee Resource Groups which provide access to leaders, relevant volunteer and mentoring opportunities, and interactions with counterparts in industry groups and client organizations • Competitive pay (salary and bonus potential), Full benefits package starting day one (medical, dental, vision, STD/LTD, life insurance, RSP (Retirement Savings Plan) or TFSA (tax free savings account)) • Tuition Reimbursement plan and participation in our Employee Stock Purchase Plan • Entitled to vacation, floating holidays, time off to give back to your community, sick days, and provincial/national holidays (with early dismissal)

We will count on you to:

Technical Leadership & Code Quality

• Conduct comprehensive security-focused pull request reviews across multiple applications and technology stacks
• Design, develop, and maintain reusable security libraries, frameworks, and boilerplate code for development teams
• Establish and enforce secure coding standards through technical guidance and code review processes
• Create and maintain security-focused development tools, linters, and automated checks

Architecture & Design

• Review and provide technical input on application architectures from a security perspective
• Participate in design reviews and technical discussions to ensure security best practices are embedded from the ground up
• Perform threat modeling and security architecture assessments for new and existing applications
• Collaborate with engineering teams to design secure, scalable solutions that meet business requirements

Security Champion Leadership

• Serve as the senior technical member within the Security Champion community across MMC
• Mentor and guide other security champions, providing technical expertise and best practice guidance
• Lead technical discussions regarding proposed changes to Application Security Standards and guidelines
• Act as resident security expert and technical consultant across multiple application portfolios

Development & Implementation

• Actively contribute to secure application development through hands-on coding and technical implementation
• Integrate security controls and features into applications (RBAC, authentication, authorization, encryption, etc.)
• Develop and maintain security testing frameworks and automated security validation tools
• Contribute to the design and implementation of security infrastructure and deployment pipelines

Standards & Process

• Establish and maintain technical security standards, guidelines, and best practices for development teams
• Provide technical guidance on vulnerability assessment, triaging, and remediation approaches
• Review and validate security incident remediation, including secrets management and disposal
• Ensure alignment with industry standards (OWASP Top 10, SANS Top 25, CWE) and internal security policies

Collaboration & Communication

• Work closely with development teams, product owners, and architects to integrate security seamlessly into the development process
• Serve as technical liaison between development teams and global information security
• Provide technical training and knowledge sharing sessions on secure development practices
• Communicate complex security concepts clearly to both technical and non-technical stakeholders

What you need to have:

Technical Expertise

• Bachelor's degree in Computer Science, Engineering, or equivalent technical experience
• 7+ years of software development experience with strong engineering fundamentals
• Expert-level proficiency in multiple programming languages (JavaScript/TypeScript, Python, Java, C#, etc.)
• Deep understanding of modern application architectures, microservices, and cloud platforms (Azure, AWS)
• Extensive experience with CI/CD pipelines, DevOps practices, and infrastructure as code
• Advanced knowledge of secure coding practices, common vulnerabilities, and security testing methodologies

Security Specialization

• Advanced expertise in application security principles, practices, and industry standards
• Experience with security testing tools (SAST, DAST, IAST, dependency scanning)
• Deep understanding of authentication, authorization, cryptography, and secure communication protocols
• Knowledge of threat modeling methodologies and security architecture patterns
• Experience with security frameworks and compliance requirements (SOC 2, ISO 27001, NYDFS, etc.)

Leadership & Communication

• Proven track record of leading technical initiatives and mentoring development teams
• Excellent communication skills with ability to influence and educate technical and non-technical audiences
• Experience working in distributed, cross-functional teams across multiple time zones
• Strong problem-solving skills with ability to balance security requirements with business needs

What makes you stand out:

Technical Excellence

• Demonstrated ability to architect and implement enterprise-scale security solutions
• Experience building and maintaining security-focused development tools and frameworks
• Deep expertise in multiple technology stacks and ability to quickly adapt to new technologies
• Track record of successfully implementing security controls in complex, distributed systems

Leadership & Impact

• Experience leading security transformation initiatives within large organizations
• Proven ability to influence engineering culture and drive adoption of security best practices
• Experience with site reliability engineering (SRE) practices and security operations

Innovation & Continuous Learning

• Active participation in security communities, conferences, and open-source projects
• Proactive approach to staying current with emerging security threats and technologies
• Experience with AI/ML security considerations and secure integration of LLM technologies
• Demonstrated ability to translate business requirements into technical security solutions

In accordance with applicable legislation, Marsh will provide a reasonable accommodation to employees and prospective employees to the point of undue hardship upon request and as required in respect of the individual's particular restrictions and limitations. If you require a specific accommodation because of a disability or medical need please contact TANA@mmc.com.

Marsh is the world's leading insurance broker and risk adviser. With over 35,000 colleagues operating in more than 130 countries, Marsh serves commercial and individual clients with data driven risk solutions and advisory services. Marsh is a business of Marsh McLennan (NYSE: MMC), the leading global professional services firm in the areas of risk, strategy and people. With annual revenue approaching US $17 billion and 76,000 colleagues worldwide, MMC helps clients navigate an increasingly dynamic and complex environment through four market-leading businesses: Marsh, Guy Carpenter, Mercer, and Oliver Wyman.

Marsh McLennan is committed to embracing a diverse, inclusive and flexible work environment. We aim to attract and retain the best people regardless of their sex/gender, marital or parental status, ethnic origin, nationality, age, background, disability, sexual orientation, gender identity or any other characteristic protected by applicable law.

#MMCIC