Principal, Application Security Engineer

Atlanta, Georgia


Employer: Insight Global
Industry: Security Engineering
Salary: $165000 - $175000 per year
Job type: Full-Time

Must Haves:
- 8+ years of experience securing consumer-facing multi-brand web applications and mobile applications, with part of that time in the lead role.
  - Specifically integrating a vulnerability management tool into the SDLC
  - Expertise with AppSec methods and tools, including threat modeling, design patterns, SAST, DAST, and bug bounty programs.
- Previous background in application development with Python coding knowledge
  - This person will be responsible for spot checking
- Experience working with offshore development teams and ability to lead daily standups
- Experience working with cloud native solutions: Azure (preferred), GCP, or AWS environments

Day to Day:
An Insight Global client is looking for a Principal Application Security Engineer to join their Security organization and work closely with engineering teams to conduct secure code reviews, integrate vulnerability testing throughout the SDLC, and perform threat modeling and architectural security review early in the software development lifecycle. Static analysis scanning and software composition analysis scanning occur in an always-on fashion, and this team works to triage and report findings and, along with other vulnerabilities, track them through remediation and completion. This role will serve as the escalation point for vulnerability remediation and will manage the process for false positive mitigation. This Principal will also work with external vendors to conduct penetration testing engagements. As the principal, this role is the equivalent of a director with no direct reports and will report into the CISO.

Additional Responsibilities Include:
- Independently ensure that identified software defects are properly triaged for false positives, correctly prioritized based on criticality, and mitigated.
- Automate the discovery, profiling, and continuous security monitoring of code.
- Responsible for integrating the security toolset into the CI/CD pipeline.
- Responsible for managing the current application security toolset and advising management on improvements.
- Define and develop the Application Security strategy and roadmap across people, process, and technology.
- Create and perform necessary testing, scanning, and remediation of our internet-facing web applications with respect to compliance.
- Design security compliance metrics that align with Application Security requirements and assist with driving enforcement.
- Assist with triaging potential security incidents.
- Will be managing the implementation of customer identity and access management (CIAM) in tandem with Okta.
- Will be managing the implementation of bot mitigation by a 3rd party.

$165,000 - $175,000. Exact compensation may vary based on several factors, including skills, experience, and education.

We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com.

To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/

Required Skills & Experience

- Software development experience with Python
- Security engineering experience
- Vulnerability tools

Benefit packages for this role will start on the 31st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.

Created: 2024-06-09
Reference: 361776
Country: United States
State: Georgia
City: Atlanta
ZIP: 30334

