Principal, Application Security Engineer
Atlanta, Georgia
Employer: Insight Global
Industry: Security Engineering
Salary: $165000 - $175000 per year
Job type: Full-Time
Must Haves:
- 8+ years of experience securing consumer-facing multi-brand web applications and mobile applications, with part of that time in the lead role.
  - Specifically integrating a vulnerability management tool into the SDLC
  - Expertise with AppSec methods & tools including threat modeling, design patterns, SAST, DAST, bug bounty programs.
- Previous background in application development with Python coding knowledge
  - This person will be responsible for spot checking
- Experience working with offshore development teams and ability to lead daily standups
- Experience working with cloud native solutions: Azure (preferred), GCP, or AWS environments
Day to Day:
An Insight Global client is looking for a Principal Application Security Engineer to join their Security organization and work closely with engineering teams to conduct secure code reviews, integrate vulnerability testing throughout the SDLC, and perform threat modeling and architectural security review early in the software development lifecycle. Static analysis scanning and software composition analysis scanning occur in an always-on fashion, and this team works to triage and report findings and, along with other vulnerabilities, track them through remediation and completion. This role will serve as the escalation point for vulnerability remediation and will manage the process for false positive mitigation. This Principal will also work with external vendors to conduct penetration testing engagements. As the principal, this role is the equivalent of a director with no direct reports and will report into the CISO.
Additional Responsibilities Include:
Independently ensure that identified software defects are properly triaged for false positives, correctly prioritized based on criticality, and mitigated.
Automate the discovery, profiling, and continuous security monitoring of code.
Responsible for integrating the security toolset into the CI/CD pipeline.
Responsible for managing the current application security toolset and advising management on improvements.
Define and develop the Application Security strategy and roadmap across people, process, and technology.
Create and perform necessary testing, scanning, and remediation of our internet-facing web applications with respect to compliance
Design security compliance metrics that align with Application Security requirements and assist with driving enforcement.
Assist with triaging potential security incidents
Will be managing the implementation of customer identity and access management (CIAM) in tandem with Okta
Will be managing the implementation of bot mitigation by a 3rd party
$165,000 - $175,000. Exact compensation may vary based on several factors, including skills, experience, and education.
We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com.
To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/
Required Skills & Experience
software development experience with Python
security engineering experience
vulnerability tools
Benefit packages for this role will start on the 31st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.
Created: 2024-06-09
Reference: 361776
Country: United States
State: Georgia
City: Atlanta
ZIP: 30334