Application Security Engineer

Day to Day:
Insight Global is seeking an Application Security Engineer to sit remotely for a large retail client headquartered in the greater Pittsburgh area. This role involves identifying and investigating security issues in code/applications and informing developers to make necessary changes. The engineer will manage CI/CD pipelines (GitLab/GitHub), validate vulnerabilities, and collaborate with developers to ensure security compliance. Proficiency in Java, microservices, Node.js, and mobile app development (Swift) would be ideal, along with experience in static and dynamic security analysis tools as a requirement. The ideal candidate will thrive in a dynamic environment and have strong troubleshooting skills.

Additional responsibilities will include:
Implement and maintain automated security requirements within the DevSecOps pipeline.
Ensure the security pipeline is reasonable and effective, including blocking pipeline steps when necessary.
Identify and include various types of vulnerabilities in the testing process. Validate findings and determine their impact.
Maintain the infrastructure that supports security testing, including tools for SQL injection and security level scanning.
Understand and interpret the output of security tools, assisting developers in fixing identified issues.
Work closely with developers to integrate security into the development stages, including production applications, feature additions, and bug fixes.
Manage and maintain automated testing pipelines, ensuring they function correctly for both on-prem and cloud environments.
Diagnose and resolve issues within the pipeline to ensure continuous operation.
Continuously improve security processes and automate steps to enhance efficiency.

We are a company committed to creating inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity employer that believes everyone matters. Qualified candidates will receive consideration for employment opportunities without regard to race, religion, sex, age, marital status, national origin, sexual orientation, citizenship status, disability, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to Human Resources Request Form. The EEOC "Know Your Rights" Poster is available here.

To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/ .

Must Haves:
- Bachelors Degree in Computer Science, Cyber Security, etc or equivalent experience
- 2-3+ years of professional experience in an Application Security oriented role
- Basic fundamentals of application development (most applications are Java tech stack)
- CI/CD process experience (currently using Gitlab, anything similar is applicable)
o Experience with Secrets Detection in GitLab or GitHub
- Familiar with Static Application Security Testing (SAST) to identify security vulnerabilities before application runs
- Familiar with Dynamic Application Security Testing (DAST) to test already running applications to identify vulnerabilities
- Familiar with Software Composition Analysis (SCA) for open-source vulnerabilities
- Experience with Kanban
- Strong communication and collaboration skills ability to work independently and directly with developers
- Excellent problem-solving skills

Benefit packages for this role will start on the 31st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.