The position.

The engineering team at Root strives to be one of the most transformative engineering teams ever. We’re changing the way an industry works by leveraging technology and data to build the best products possible. Even with our significant growth, we operate in small teams that are given ownership over projects and results. We’ve found that the people closest to the problems are the best at solving them. We’re actively hiring Engineers remotely and excited to announce that Root is a “work where it works best” company. Meaning we will support you working in whatever location that works best for you across the US. We will continue to have our headquarters in Columbus and offices in other locations to give more flexibility and more choice about how we live and work.

The Information Security team at Root strives to manage information security risk within the organization while enabling transformative technologists to do their cutting-edge work. As a Sr. Application Security Engineer, you’ll be joining a team dedicated to securing Root, having an opportunity to influence how we mature our secure software development lifecycle and application security standards to appropriately manage risk, address regulatory requirements, and protect our customers.

The ideal candidate will be technically sound, an exceptional communicator, a self-starter, and a team player who thrives in highly collaborative environment.This role will report to the Sr. Manager of Security Engineering.

What you’ll achieve.
  • Work across teams to tackle complex issues
  • Execute large, pre-planned tasks in an efficient manner
  • Coach engineers on how to find and fix security bugs
  • Perform design and code reviews to identify risk and assist developers in improving overall product security
  • Teach secure coding techniques and methods
  • Work closely with Product and Engineering teams to deliver secure, high-quality features
  • Partner with the business to establish application and product security standards, and secure coding practices
  • Develop and manage a bug bounty program in partnership with external service providers
  • Coordinate and drive remediation of identified vulnerabilities and control deficiencies
  • Integrate security test automation and tooling within CI/CD pipelines

What we’re looking for.

  • Knowledge of securing both web and mobile applications against common issues (including OWASP Top 10)
  • Ability to write clean, functional, well-tested code
  • Experience with several programming paradigms
  • Deep understanding of client-server architecture and web technologies
  • Solid knowledge of continuous integration pipelines and automating security feedback
  • Experience building, executing, and documenting a Secure Software Development Lifecycle
  • Able to take on unplanned work and bug fixes
  • Understands and takes business goals into account when making technical decisions

Apply for this Job

* Required


Voluntary Self Identification

Voluntary Self ID Questionnaire (US)

Individuals seeking employment at Root Insurance are considered without regards to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, or sexual orientation. 

Why are we asking?

In order to track our effectiveness in recruiting a wide range of talent, we invite all applicants to self-identify demographic information. Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

Self-identification categories 

  • Gender Identity: How a person identifies their gender, regardless of their gender assigned at birth. 
  • LGBTQIA: A person's sexual identity.
  • Race/Ethnicity: A person’s racial, ethnic or origin identity. 
  • Disability Status: A person’s physical or mental impairment which may limit one or more of their major life activities. Learn more here. 
  • Military Service: A person who has spent time serving in any branch of the military (retired or active). Learn more here
To which gender (or genders) do you most closely identify? Select all that apply

Do you identify as a member of the LGBTQIA+ community? (Select one)

What is your race and/or ethnicity? Please check all that apply.

Military Veteran Status (Select one)

Disability Status (Select one)