Job Information

Insight Global Senior Back End Engineer in Scottsdale, Arizona

Job Description

The Software/Security Engineer III is primarily responsible for penetration testing a variety of environments based on methodical adherence to attack-scoring frameworks. They will build, deploy, and maintain new security automation and orchestration tooling to integrate scanning and monitoring for compliance within existing pipelines. They also review and guide internal teams in developing more secure codebases, while educating them on best practices to build a strong security-first culture.

The following are essential accountabilities:

In-Depth Penetration Testing & Threat Modeling

Conduct ongoing internal and third-party vendor penetration testing and auditing aligned with compliance and legal objectives.

Perform threat modeling in accordance with OWASP Top 10, MITRE ATT&CK, and similar attack-scoring frameworks.

Monitor, test, and proactively report on current threats and vulnerabilities to respective teams.

Research and educate on emerging threats within similar environments and landscapes, and offer remediation solutions for them.

Security Tooling, Automation, & Orchestration

Build, ship, and maintain various security packages to internal application codebases for automation.

Identify vulnerable dependencies across the organization and work with individual teams to resolve them.

Install programmatic measures to prevent and mitigate repeat vulnerability occurrences.

Integrate security monitoring within existing CI/CD pipelines. Work with Ansible and Jenkins is a plus.

Build complex regex and other pattern identification scripts and parsing to identify potential injection attempts.

Build and integrate APIs from disparate systems for orchestrated audits and scans.

Knowledge of and experience with data protection concepts such as: (a) data obfuscation, anonymization, & de-identification; (b) secrets management; and (c) vault services.

Experience building application parameterized/prepared-statement query interfaces is a plus.

Secure-SDLC (sSDLC) Guidance, Codebase Review, & Support

Develop detailed security design and procedures across the enterprise to drive a standardized set of requirements and align with internal policies.

Lead secure-SDLC and product security maturity efforts to adopt a shift-left approach to security.

Conduct platform/service workload design and architecture reviews, as well as audit source code for compliance.

Monitoring, Logging, & Reporting

Parse a variety of debug logs for determining behavioral baselines to better formulate granular internal policies and standards.

Orchestrate log ingestion into tools and tuning rulesets for advanced metrics reporting on enterprise-wide security posture.

Build leaderboards and reporting interfaces on current and forecasted KPIs and risk indicators.

Other General Duties

Provide product security related coaching and mentoring to elevate security expertise of development teams.

Take ownership of security decisions made in the engineering organization by helping organization members make clear decisions in alignment with organizational goals, backing decisions made, and taking responsibility for their success.

Foster a positive company-wide culture by having conversations based on organizational strategy and principles to create alignment.

Ensure security goals are understood and continuously worked towards across the organization.

Take ownership and responsibility for organizational security practices and processes and their continuous improvement.

Effectively handle risk, change, and uncertainty across the organization.

Facilitate organization-wide discussions, ensuring that everyone has an opportunity to share their opinion and be heard, and that discussion outcomes are tied to stated goals.

Actively advance a culture of documentation and knowledge sharing across the organization.

Respond in a timely manner to on-call security notifications when scheduled on monthly rotation.

The above statements are intended to describe the general nature and level of work being performed. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of employees in this position.

We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com .

To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/ .

Skills and Requirements

Bachelor's degree in computer science or a related field, or equivalent work experience.

8 - 10 years of development experience in the following languages: Python, JS (Node, AJAX), Java, SQL, Linux Bash (or similar terminal languages), XML, YAML/JSON. Python is the priority, as it will be used for vulnerability testing and for creating complex data structures and algorithms.

Python is widely used in pentesting scripts and machine learning, and is broadly understood by most developers, which is why it is preferred.

Expert knowledge of and experience with Kali Linux tooling (Nmap, Burp, ZAP, Metasploit, sqlmap). Their Kali Linux sits within AWS, and the role will be creating APIs for their suites to kick off a pipeline; their data stores and databases will pull from the API.

Experience designing and implementing APIs (SOAP, REST, GraphQL) to grab data from multiple applications and synchronize it in a single view.

Expert knowledge of web application and database design, development, and integration techniques including creating or utilizing a database monitoring solution or scanning script

Knowledge of Docker and/or k8s, Ansible, Jenkins, Terraform, and AWS/Azure preferred

Understanding of Terraform, Ansible, Jenkins and Docker and experience configuring security tools to run automatically

Experience with Azure or AWS (preferred) cloud environments.

Any credentials from the following certification bodies: ISC2, ISACA, CompTIA, GIAC, AWS, Azure, TOGAF, SABSA.

Participation in bug hunting / bug bounty communities is a plus.

Experience with PCI, GDPR, or CCPA is a plus.
