Insight Global
Application Security Analyst
Insight Global is seeking an Application Security Analyst to join one of our client's security team with a focus on application security and vulnerability management. The ideal candidate will have knowledge of standards and practices for securing applications and APIs. This role will participate in efforts to identify, verify, report, and track vulnerabilities within their systems and applications. This role spans multiple domains, including desktop, mobile, web applications, and API infrastructure. Position responsibilities include: scheduling and performing regular application tests, conducting penetration tests on important software and systems, testing changes before they go live, analyzing and validating vulnerabilities, tracking and reporting testing activities, presenting findings to stakeholders, maintaining dashboards for vulnerabilities, improving asset management processes, enhancing threat modeling, reviewing source code and identifying duplicates, using security testing tools (e.g., Veracode, Burp Suite), automating security scans and integrating with CI/CD pipelines, collaborating with developers to improve security practices, supporting incident response and investigations, and performing various security tests (penetration, purple team, red team). We are a company committed to creating inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity employer that believes everyone matters. Qualified candidates will receive consideration for employment opportunities without regard to race, religion, sex, age, marital status, national origin, sexual orientation, citizenship status, disability, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to Human Resources Request Form. Skills and requirements include a degree in Computer Science or related field, minimum 2 - 5 years of IT experience, self-starter ability to work independently and in teams, strong understanding of internet architecture, skilled in security testing (SAST, DAST, SCA, OWASP Top 10), ability to verify vulnerabilities and manual testing, familiar with security platforms (Checkmarx, AppScan, Fortify, Veracode, etc.), experience with web services, JSON, and API testing, conducting vulnerability assessments and communicating security issues, proficient in programming (.NET, C, C#, Java, Python), knowledge of OOP concepts and JavaScript (Node, React), 1-3 years of web development experience (HTML, ASP, ColdFusion, JSP, Node.js, React), knowledge of pipeline integration and source code management (Jenkins, GitHub, etc.), knowledge of relational databases (SQL Server, MySQL), ability to write and understand SQL, basic knowledge of Azure, experience with ServiceNow, threat modeling in SDLC, knowledge of cloud computing and DevOps tools (Azure DevOps, Kubernetes, Docker, Chef), experience with cloud platforms (AWS, Google, Azure) and cloud security (Wiz, Prisma Cloud), machine learning experience, and experience with RPGLE, RPG-FREE application development.
Insight Global is seeking an Application Security Analyst to join one of our client's security team with a focus on application security and vulnerability management. The ideal candidate will have knowledge of standards and practices for securing applications and APIs. This role will participate in efforts to identify, verify, report, and track vulnerabilities within their systems and applications. This role spans multiple domains, including desktop, mobile, web applications, and API infrastructure. Position responsibilities include: scheduling and performing regular application tests, conducting penetration tests on important software and systems, testing changes before they go live, analyzing and validating vulnerabilities, tracking and reporting testing activities, presenting findings to stakeholders, maintaining dashboards for vulnerabilities, improving asset management processes, enhancing threat modeling, reviewing source code and identifying duplicates, using security testing tools (e.g., Veracode, Burp Suite), automating security scans and integrating with CI/CD pipelines, collaborating with developers to improve security practices, supporting incident response and investigations, and performing various security tests (penetration, purple team, red team). We are a company committed to creating inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity employer that believes everyone matters. Qualified candidates will receive consideration for employment opportunities without regard to race, religion, sex, age, marital status, national origin, sexual orientation, citizenship status, disability, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to Human Resources Request Form. Skills and requirements include a degree in Computer Science or related field, minimum 2 - 5 years of IT experience, self-starter ability to work independently and in teams, strong understanding of internet architecture, skilled in security testing (SAST, DAST, SCA, OWASP Top 10), ability to verify vulnerabilities and manual testing, familiar with security platforms (Checkmarx, AppScan, Fortify, Veracode, etc.), experience with web services, JSON, and API testing, conducting vulnerability assessments and communicating security issues, proficient in programming (.NET, C, C#, Java, Python), knowledge of OOP concepts and JavaScript (Node, React), 1-3 years of web development experience (HTML, ASP, ColdFusion, JSP, Node.js, React), knowledge of pipeline integration and source code management (Jenkins, GitHub, etc.), knowledge of relational databases (SQL Server, MySQL), ability to write and understand SQL, basic knowledge of Azure, experience with ServiceNow, threat modeling in SDLC, knowledge of cloud computing and DevOps tools (Azure DevOps, Kubernetes, Docker, Chef), experience with cloud platforms (AWS, Google, Azure) and cloud security (Wiz, Prisma Cloud), machine learning experience, and experience with RPGLE, RPG-FREE application development.