JR Application Security Engineer

A healthcare client is looking for 2 JR level Application Security Engineers to sit fully remote. The 2 Engineers are going to be joining the DevSecOps team working alongside 9-12 developers/engineers. They will be part of an initiative of migrating all application security scanning tools into SNYK. The engineers are going to be somewhat hands on with the CICD pipelines and doing mostly regular code scanning to find any vulnerabilities. The candidates need to also have experience with understanding the ins and outs of an application scanning tools since they will be doing tons of code reviews and scanning. The engineers should have experience with Code Scanning tools such as Checkmarx or Nexus IQ. They should have full understanding of OWAS Top 10 and NIST Security Standards. The team will be moving to JIRA and have a more Agile SAFe approach and an on-call schedule that will be rotated. Breaking it down – this will be about 30% development and 70% code reviews.

We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com.To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.

2-4 years of experience working as an Application Security Engineer
Experience with various SAST tools - Nexus IQ, CheckMarx, SNYK (primarily)
Experience with GitHub Actions
Ability to work with developers & talk through vulnerabilities in their code
SAST/DAST/SCA

Terraform
Experience building out CICD pipelines
MAST - Mobile Application Security

Benefit packages for this role will start on the 1st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.