Apply now »

Application Security Lead


We are Farmers!

We are… more than just your favorite commercials.  At Farmers, we strive to deliver peace of mind to our customers by providing protection and comprehensive advice and delivering in the moments of truth. That means having people who can help us meet changing customer and business needs. Farmers high-performance culture is focused on results and the people who achieve them. We hold ourselves and others accountable for sustainably growing the business and each other. We seek solutions, own our actions, and grow through discomfort. We see setbacks as opportunities while continuously asking ourselves how we impact our customers. 


Farmers is an award winning, equal opportunity employer, committed to the strength of a diverse workforce. We are dedicated to supporting the well-being of our people through our extensive suite of benefits, as well as the well-being of the communities we serve through employee volunteer programs and nonprofit partnerships. Helping others in their time of need isn’t just our business – it’s our culture!  To learn more about our high-performance culture and open opportunities, check out and be sure to follow us on Instagram, LinkedIn, and TikTok. 


Workplace: Hybrid ( #LI-Hybrid ), Remote ( #LI-Remote ) - Either Hybrid or Remote, depending upon candidate location and proximity to a Farmers Office.

Farmers believes in a culture of collaboration, creativity, and innovation, which thrives when we have the ability to work flexibly in a virtual setting as well as the opportunity to be together in person. Our hybrid work environment combines the best of both worlds with at least three (3) days in office and up to two (2) days virtual for employees who live within fifty (50) miles of a Farmers corporate office. Applicants beyond fifty (50) miles may still be considered.

About the role...

  • Oversee the deployment, integration, and initial configuration of all new security solutions and of any enhancements to existing security solutions.
  • Uses advanced risk-based methodologies to deliver and oversee detailed, end-to-end technical analysis of a broad range of interdependent cybersecurity risks with the highest level of criticality and risk to the local and global organization.
  • Analyze, establish, and lead multiple simultaneous implementations of disparate security requirements for a collection of integrated local and global systems/networks.
  • Advise local and global senior business and IT stakeholders/executives how to holistically protect on-premise and cloud information systems through an innovative defense-in-depth strategy.
  • Design and develop security architecture patterns that meet regulatory obligations and data protection requirements as well as align with the business and corporate security strategy.
  • Perform complex and urgent security testing and security risk assessments to significantly advance the maturity of the organization’s security.
  • Lead the implementation and testing of technology solution requirements and document traceability back to corporate security and control requirements raising exceptions as required.
  • Work with teams to ensure processes are in place to continue adherence to the security standards and controls.

What you'll accomplish...

  • Identify, assess, document, and articulate all types of data security and data privacy risks in addition to appropriate countermeasures and controls to address data security and data privacy concerns of the highest severity.
  • Creatively and independently provide resolution to security problems in a cost- effective manner. Identify opportunities to proactively mitigate risks.
  • Work closely with the entire IT department on corporate technology development to fully secure information, computer, network and processing systems.
  • Provide input on security requirements to be included in request for proposals (RFPs), statements of work (SOWs), and other procurement documents.
  • Interpret and/or approve security requirements relative to the capabilities of new information technologies.
  • Lead compliance activities by driving deficient security metrics towards significant improvement.
  • Ensure adequate processes are in place to detect and respond to all types of cybersecurity incidents and events.
  • Maintain strong relationships between teams.
  • Develop specific cybersecurity countermeasures and risk mitigation strategies for systems and/or applications.
  • Participate in preparing audits of system compliance with control environment, including automation of collection of evidences.
  • Track audit findings and recommendations to ensure appropriate mitigation actions are taken.
  • Demonstrate ownership of assigned audit actions or regulator requests by diligently providing responses and evidence within established timeframes.
  • Directly influence and collaborate with local, global, and external stakeholders to identify and develop appropriate solutions technology.
  • Work with executive team members, decision makers, and stakeholders to define business requirements and systems goals, and to identify and resolve business systems issues.
  • Design and architect the overall technology solution/platform, taking into account the business needs, technical needs, and industry best practices.
  • Sets the future direction and technical direction of technology platforms.
  • Serve as lead in multiple enterprise- wide security programs by organizing and facilitating project planning, daily stand-up meetings, reviews, and retrospectives.
  • Develop milestones and timelines for assigned security projects/initiatives.
  • Demonstrate ownership of assigned programs from initiation to completion.
  • Serve as an internal consultant and advisor in own area of expertise.
  • Drive large-scale projects forward independently by coordinating with external teams and tracking deliverables not specifically owned by Farmers.
  • Facilitate discussion and conflict resolution.
  • Lead the planning and deployment of infrastructure security measures.

Additional accomplishments for this role...

  • Assist in developing a disaster recovery and business continuity plan. 
  • Identify and prioritize system functions required to promote continuity and availability of critical business processes in the circumstance of system failure critical
  • business functions are restored or recovered promptly.
  • Provide ongoing guidance or oversight of Analysts and Specialists tasks. 
  • Develop on-the-job training materials or programs. 
  • Perform other duties as assigned.

Physical actions...

  • Sits or stands for extended periods of time, up to a full work shift.
  • Occasionally reaches overhead and below the knees, including bending, twisting, pulling, and stooping.
  • Occasionally moves, lifts, carries, and places objects and supplies weighing 0-10 pounds without assistance.
  • Listens to, interprets, and differentiates auditory information (e.g. others speaking) at normal speaking levels with or without correction.
  • Visually verifies and reads information.
  • Visually locates material, resources and other objects.
  • Ability to continuously operate a computer for extended periods of time, up to a full work shift.
  • Physical dexterity sufficient to use hands, arms, and shoulders repetitively to operate keyboard and other office equipment up to a full work shift.

Physical environment...

This position operates in an open office working environment which will include normal and customary distractions, noise, and interruptions.

Education needed...

  • High school diploma or equivalent required.
  • Bachelor's degree in Information Systems or related discipline preferred. CISSP, CISM, CISA, CRISC, CIPP, or equivalent Certification preferred.

Experience needed...

Seven to ten years professional experience in IT Security or Information Security Risk consulting and Project Management, or comparable base of knowledge/expertise in the field, required.

Special skills needed...

  • Strong verbal and written communication skills.
  • Demonstrated ability to secure 'buy-in' and convince others regarding best approach.
  • Goal oriented team player with a positive attitude.
  • Excellent time management skills.
  • Strong relationship building.
  • Identity and Access (least privilege, access reviews, MFA)
  • Secret policies and Auditing.
  • Logging and Monitoring.
  • Data resilience.
  • Application Security implementation.
  • DevSecOps.
  • Encryption In transit, at rest, and hardware.
  • Network Isolation.
  • Vulnerability Management.
  • Configuration Management.

Platform experience...

  • Amazon Web Services
  • MuleSoft CloudHub
  • MSSQL Server
  • Dremio


  • Farmers offers a competitive salary commensurate with experience, qualifications and location.
    o CA Only: $116,960 - $186,560
    o CO Only: $109,920 - $160,820 
    o HI Only: $109,920 - $172,150
    o IL Only: $109,920 - $172,150
  • o MD Only: $109,920 - $172,150
    o NY/DC/Jersey City Only: $109,920 - $186,560 
             o Albany County: $116,960 - $160,820 
    o WA Only:  $109,920 - $195,625 
  • Bonus Opportunity (based on Company and Individual Performance)
  • 401(k)
  • Medical
  • Dental
  • Vision
  • Health Savings and Flexible Spending Accounts
  • Life Insurance
  • Paid Time Off
  • Paid Parental Leave
  • Tuition Assistance
  • For more information, review “What we offer” on


Job Location(s): R_US - United States

Anticipated application deadline: At Farmers, the recruitment process is designed to ensure that we find the best talent to join our team. As part of this process, we typically close open positions within 8 to 21 days after posting. If you are interested in any of our open positions, we encourage you to submit your application promptly.

Farmers will consider for employment all qualified applicants, including those with criminal histories, in accordance with the Los Angeles Fair Chance Initiative for Hiring Ordinance or other applicable law.  Pursuant to 18 U.S.C. Section 1033, Farmers is prohibited from employing any individual who has been convicted of any criminal felony involving dishonesty or a breach of trust without prior written consent from the state Department of Insurance.

Want to learn more about our culture & opportunities? Check out and be sure to follow us on InstagramLinkedIn, and TikTok.

Apply now »