Application Security Developer
Role details
Job location
Tech stack
Job description
Insight Global is looking for a well-rounded very technical hands-on person to join our team as an Application Security Engineer. This person should be able to work independently in a very fast-paced environment. They will have the opportunity to work and grow in all aspects of the cybersecurity program.
The ideal candidate shall also possess a background in application development to go with their security knowledge and experience. They will focus on identifying and mitigating security vulnerabilities in software applications throughout their lifecycle They will also be asked to work closely with our development team to integrate security practices and ensure applications are designed, developed, and deployed securely.
Responsibilities:
-
Play a crucial part in the security development life cycle from beginning to end.
-
Define and enforce security requirements and standards for application development, ensuring compliance with regulatory requirements as well as industry best practices.
-
Conduct regular security assessments and code reviews to identify potential vulnerabilities.
-
Conduct security reviews of applications and infrastructure to identify and address vulnerabilities.
-
Work with our developers to promote and implement secure coding best practices, providing guidance and training on security vulnerabilities.
-
Penetration testing of applications to identify any potential weaknesses and work with our developers to remediate them.
Requirements
-
4-7+ years of experience in software development and understanding of the SDLC.
-
Last 2-3+ years in application security
-
Experience with Microsoft Azure and/or Amazon AWS (preference on Azure)
-
Hands-on experience with:
-
Static & dynamic analysis tools (Sonarqube or similar tools)
-
Vulnerability scanners
-
Application penetration testing tools (Burp Suite and/or Kali Linux preferred)
-
Excellent communication and collaboration skills. * Relevant industry certifications such as SANS, CASE, CSSLP
-
Familiar with NIST or ISO frameworks and PCI requirements.