Application Security Engineer

Post Date

Jul 31, 2024

Location

Chesterfield, Missouri

ZIP/Postal Code

63017
US
Jun 23, 2025 Insight Global

Job Type

Contract-to-perm

Category

Security Engineering

Req #

STL-723191

Pay Rate

$51 - $64 (hourly estimate)

Job Description

Insight Global is looking for an Application Security Engineer to join our client's team. In this role, you will play a crucial part in application security assessments and remediation efforts. Collaborating closely with application development teams, you'll ensure adherence to the secure software development lifecycle (SSDLC) framework. Your responsibilities will span various aspects of application security, from configuring static and dynamic scanning tools to evangelizing security fundamentals and integrating security practices into CI/CD pipelines. Additionally, you'll participate in threat modeling, code reviews, and design evaluations, all while interpreting corporate security guidelines for cloud adoption. This position will sit remotely.

We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com.

To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/ .

Required Skills & Experience

· 3+ years' experience in information systems security.

· Knowledge of OWASP Top Ten application security assessments and code reviews.

· Knowledge of security testing tools such as Burp Suite or Zed Attack Proxy.

· Working knowledge of SAML, OAuth, Kerberos, Okta (or equivalent software), and secure software development lifecycle (SSDLC) methodology.

· Experience in SOC 2 compliance and in interpreting vendor SOC 2 information.

· Outstanding communication and analytical skills, and the ability to function in a globally diverse work environment with communication among many teams.

Nice to Have Skills & Experience

· Experience in languages like JavaScript, Groovy, Python/Shell/AWK.

· Experience in GDPR compliance, NIST 800-53 security controls

· 1+ years of experience with public and hybrid cloud environments.

· The following certifications are not mandatory but are considered an asset: GIAC Web Application Penetration Tester (GWAPT), Offensive Security Certified Professional (OSCP), GIAC Penetration Tester (GPEN), Certified Ethical Hacker (CEH), GIAC Web Application Defender (GWEB).

· Microsoft Office Suite (Word, Excel, PowerPoint, SharePoint, etc.) experience preferred.

Benefit packages for this role will start on the 31st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.