Application Security Analyst / Engineer (Remote/Flexible)
MX - Mexico
Insulet Corporation
Insulet started in 2000 with an idea and a mission to enable our customers to enjoy simplicity, freedom and healthier lives through the use of our Omnipod® product platform. In the last two decades we have improved the lives of hundreds of thousands of patients by using innovative technology that is wearable, waterproof, and lifestyle accommodating.
We are looking for highly motivated, performance-driven individuals to be a part of our expanding team. We do this by hiring amazing people guided by shared values who exceed customer expectations. Our continued success depends on it!
Position Overview:
As the Application Security Analyst/Engineer, you will help drive and implement the secure Software Development Lifecycle Program for all digital/cloud-based and device-based products at Insulet, collaborating with the development and other product security teams to ensure application security risks are identified and remediated in a continuous integration and continuous deployment (CI/CD) manner. You will manage multiple projects with a degree of impact and complexity that must be carefully controlled to support the internal business unit security requirements.
Responsibilities:
Implement secure Software Development Lifecycle for all Insulet products. This will include drafting the process and collaborating with cross-functional partners to implement the process across Insulet.
Run Static Application Security Testing, Dynamic Application Security Testing, and Software Composition Analysis, in a CI/CD manner, dispositioning risks, resolving false positives, and driving remediations.
Contribute to development and deployment of the application security awareness program.
Work in the Vulnerability Disclosure and Bug Bounty processes and programs.
Generate key application security metrics and provide a single pane of glass for all application security vulnerabilities via automation.
Perform security activities including threat modeling and vulnerability analysis, code review, and security testing, ensuring teams are validating for at least the OWASP Top 10 and CWE Top 25.
Research emerging technologies and assess their applicability to the products.
Collaborate with cross-functional team members from Quality, Regulatory, Legal, Privacy, Compliance, Architecture, and Product Development to ensure security is incorporated by design, during development, and managed in deployment.
Support cybersecurity deliverables for regulatory submissions.
Education:
Bachelor’s degree in electrical engineering or computer science, or equivalent practical experience.
Qualifications:
3+ years in cybersecurity with a required focus on application security. Experience in security engineering and security architecture is desired.
Experience with various SAST/DAST/SCA/API Testing/IAST tools like Checkmarx, Snyk, Dependency Track, OSS Review Toolkit, ZAP, etc. is desired.
Hands-on experience in identifying and validating OWASP Top 10/CWE Top 25 vulnerabilities.
Prior experience in CI/CD Practices, Bug Bounty, and Vulnerability Disclosure Programs.
Programming skills in either C, C++, Java, .NET, or other widely used languages or the intention to learn.
Understanding of various types of exploits, threat modeling, attack surfaces, and comfort in the use of tools such as MITRE ATT&CK.
Experience working with multiple stakeholders such as engineering/operations teams, internal business units, and external incident response teams.
Soft skills:
Effectively communicate complex information, concepts, and ideas in a clear and organized manner through verbal, written, and visual mechanisms.
Excellent communication, organizational skills, and experience in translating business goals into technical security deliverables.
Strong collaboration skills and an ability to work with cross-functional teams across the security and privacy organization and broader Corporate Technology organization.
Ability to work with virtual and global teams in a fast-paced environment.
Experience balancing security needs with broader business objectives is a plus.
NOTE: This position is eligible for 100% remote working arrangements (may work from home/virtually 100%; may also work hybrid on-site/virtual as desired).
Tags: APIs Application security Automation C Checkmarx CI/CD Cloud Compliance Computer Science DAST Exploits IAST Incident response Java MITRE ATT&CK OWASP Privacy Product security SAST SDLC Vulnerabilities
Perks/benefits: Flex hours