Senior Software Engineer (Python)
Scottsdale, Arizona
Employer: Insight Global
Industry: Programmer / Developer
Salary: Competitive
Job type: Full-Time
The Senior Software Engineer III is primarily responsible for penetration testing a variety of environments based on methodical adherence to attack-scoring frameworks. They will build, deploy, and maintain new security automation and orchestration tooling to integrate scanning and monitoring for compliance within existing pipelines. They also review and guide internal teams in developing more secure codebases, while educating them on best practices to build a strong security-first culture.
The following are essential accountabilities:
In-Depth Penetration Testing & Threat Modeling
Conduct ongoing internal and 3rd party vendor penetration testing and auditing aligned with compliance and legal objectives.
Perform threat modeling in accordance with OWASP Top 10, MITRE ATT&CK, and similar attack-scoring frameworks.
Monitor, test, and proactively report on current threats and vulnerabilities to respective teams.
Research and educate on emerging threats within similar environments and landscapes, along with offering remediation solutions for such.
Security Tooling, Automation, & Orchestration
Build, ship, and maintain various security packages to internal application codebases for automation.
Identify vulnerable dependencies across the organization and work with individual teams to resolve them.
Install programmatic measures to prevent and mitigate repeat vulnerability occurrences.
Integrate security monitoring within existing CI/CD pipelines. Work with Ansible and Jenkins is a plus.
Build complex regex and other pattern identification scripts and parsing to identify potential injection attempts.
Build and integrate APIs from disparate systems for orchestrated audits and scans.
Knowledge of and experience with data protection concepts such as: (a) data obfuscation, anonymization, & de-identification; (b) secrets management; and (c) vault services.
Experience building parameterized/prepared-statement query interfaces for applications is a plus.
Secure-SDLC (sSDLC) Guidance, Codebase Review, & Support
Develop detailed security design and procedures across the enterprise to drive a standardized set of requirements and align with internal policies.
Lead secure-SDLC and product security maturity efforts to adopt a shift-left approach to security.
Conduct platform/service workload design and architecture reviews, as well as audit source code for compliance.
Monitoring, Logging, & Reporting
Parse a variety of debug logs for determining behavioral baselines to better formulate granular internal policies and standards.
Orchestrate log ingestion into tools and tuning rulesets for advanced metrics reporting on enterprise-wide security posture.
Build leaderboards and reporting interfaces on current and forecasted KPIs and risk indicators.
Other General Duties
Provide product security related coaching and mentoring to elevate security expertise of development teams.
Take ownership of security decisions made in the engineering organization by helping organization members make clear decisions in alignment with organizational goals, backing decisions made, and taking responsibility for their success.
Foster a positive company-wide culture by having conversations based on organizational strategy and principles to create alignment.
Ensure security goals are understood and continuously worked towards across the organization.
Take ownership and responsibility for organizational security practices and processes and their continuous improvement.
Effectively handle risk, change, and uncertainty across the organization.
Facilitate organization-wide discussions, ensuring that everyone has an opportunity to share their opinion and be heard, and that discussion outcomes are tied to stated goals.
Actively advance a culture of documentation and knowledge sharing across the organization.
Respond in a timely manner to on-call security notifications when scheduled on monthly rotation.
The above statements are intended to describe the general nature and level of work being performed. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of employees in this position.
We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com .
To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/ .
Required Skills & Experience
Bachelor's degree in computer science or a related field, or equivalent work experience.
8 - 10 years of development experience in the following languages: Python or Java, and ideally also: JS (Node, AJAX), Java, SQL, Linux Bash (or similar terminal languages), XML, YAML/JSON.
Python is the priority, as it will be used for vulnerability testing and for creating complex data structures and algorithms.
(Python is widely used in Pentesting scripts, Machine Learning, and broadly understood by most developers, which is why it is preferred)
Experience designing and implementing APIs (SOAP, REST, GraphQL) to grab data from multiple applications and synchronize it in a single view.
Experience with automation and tools such as Docker and/or k8s, Ansible, Jenkins, Terraform.
Experience with MySQL
Nice to Have Skills & Experience
Experience with AWS or other cloud platforms
Any credentials from the following certification bodies: ISC2, ISACA, CompTIA, GIAC, AWS, Azure, TOGAF, SABSA
Participation in bug hunting / bug bounty communities is a plus.
Experience with PCI, GDPR, or CCPA is a plus.
Benefit packages for this role will start on the 31st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.
Created: 2024-10-02
Reference: 354604
Country: United States
State: Arizona
City: Scottsdale
ZIP: 85259