DevSecOps

• Red Team: Form, Lead and execute red team engagements simulating real-world attack scenarios. Collaborate with SRE and DevOps teams to validate findings and recommend remediation strategies.
Manage full attack lifecycle operations: reconnaissance, exploitation, persistence, lateral movement, and exfiltration.
• Security by Design: Integrate security requirements and controls into architecture, design, and coding practices.
• Code & Dependency Review: Automate and conduct reviews of code, libraries, and dependencies to identify vulnerabilities.
• Threat Modeling & Risk Assessment: Collaborate with engineers to assess potential attack vectors and recommend mitigations.
• Secure CI/CD Pipelines: Implement static (SAST), dynamic (DAST), and dependency scanning tools into CI/CD pipelines.
• Cloud & Infrastructure Security: Work with DevOps to secure Kubernetes, containers, secrets management, and cloud environments (AWS/GCP/Azure).

We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com.To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.

• Strong background in application security (OWASP, NIST, MITRE ATT&CK).
• Proficiency in one or more programming languages (C#, Python, Java, or JavaScript).
• Experience with CI/CD and DevSecOps tooling (SonarQube, Snyk, Veracode, GitHub Actions, etc.).
• Familiarity with container security (Docker, Kubernetes, Istio).
• Cloud security expertise (IAM, secrets management, network segmentation).
• Knowledge of regulatory/compliance frameworks relevant to the org.

• Experience with penetration testing or red teaming.
• Certifications (e.g., CISSP, OSCP, CEH, CCSK).
• Familiarity with zero-trust architectures.
• Hands-on with Infrastructure as Code (Terraform, Helm, Pulumi).

Benefit packages for this role will start on the 31st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.