Application Security Analyst

Job Overview:

Insight Global is seeking an Application Security Analyst to join one of our client's security teams with focus on application security and vulnerability management. The ideal candidate will have knowledge of standards and practices for securing applications and APIs. This role will participate in efforts to identify, verify, report, and track vulnerabilities within their systems and applications. This role spans multiple domains, including desktop, mobile, web applications, and API infrastructure.

Key Responsibilities:

• Schedule and perform regular application tests
• Conduct penetration tests on important software and systems
• Test changes before they go live
• Analyze and validate vulnerabilities
• Track and report testing activities
• Present findings to stakeholders
• Maintain dashboards for vulnerabilities
• Improve asset management processes
• Enhance threat modeling
• Review source code and identify duplicates
• Use security testing tools (e.g., Veracode, Burp Suite, Checkmarx, Postman)
• Automate security scans and integrate with CI/CD pipelines
• Collaborate with developers to improve security practices
• Support incident response and investigations
• Perform various security tests (penetration, purple team, red team)

Must Haves:

• Degree in Computer Science or related field.
• Minimum 2 - 5 years of IT experience
• Self-starter, able to work independently and in teams.
• Technical Skills:
• Strong understanding of internet architecture.
• Skilled in security testing (SAST, DAST, SCA, OWASP Top 10).
• Ability to verify vulnerabilities and manual testing.
• Familiar with security platforms (Checkmarx, AppScan, Fortify, Veracode, etc.).
• Experience with web services, JSON, and API testing.
• Conducting vulnerability assessments and communicating security issues.
• Proficient in programming (.NET, C, C#, Java, Python).
• Knowledge of OOP concepts and JavaScript (Node, React).
• 1-3 years of web development experience (HTML, ASP, ColdFusion, JSP, Node.js, React).
• Knowledge of pipeline integration and source code management (Jenkins, GitHub, etc.).
• Knowledge of relational databases (SQL Server, MySQL).
• Ability to write and understand SQL.
• Basic knowledge of Azure.

Preferred Qualifications: 

• Experience with ServiceNow
• Threat modeling in SDLC
• Knowledge of cloud computing and DevOps tools (Azure DevOps, Kubernetes, Docker, Chef)
• Experience with cloud platforms (AWS, Google, Azure) and cloud security (Wiz, Prisma Cloud).
• Machine learning experience
• Experience with RPGLE, RPG-FREE application development