Application Security Engineer

Insulet started in 2000 with an idea and a mission to enable our customers to enjoy simplicity, freedom and healthier lives through the use of our Omnipod® product platform. In the last two decades we have improved the lives of hundreds of thousands of patients by using innovative technology that is wearable, waterproof, and lifestyle accommodating.

We are looking for highly motivated, performance driven individuals to be a part of our expanding team. We do this by hiring amazing people guided by shared values who exceed customer expectations. Our continued success depends on it!

We are seeking a highly motivated Security Engineer to help scale and mature our Application Security and DevSecOps capabilities across our product portfolio. In this role, you will partner closely with engineering, product, and compliance teams to embed security into the software development lifecycle, automate security testing, and drive remediation of application and product risks.

This role is ideal for someone who enjoys working hands-on with development teams, security tooling, and automation, while also contributing to process definition and security program maturity.

• Implement and operationalize a Secure Software Development Lifecycle (SSDLC) across products, including defining processes, controls, and security checkpoints in collaboration with cross‑functional teams.

• Execute and scale automated application security testing in CI/CD pipelines, including:

• Static Application Security Testing (SAST)

• Dynamic Application Security Testing (DAST)

• Software Composition Analysis (SCA)

• API and runtime security testing

• Triage, validate, and prioritize security findings, reduce false positives, and partner with engineering teams to drive effective remediation.

• Perform hands‑on application security activities, including threat modeling, secure design reviews, code reviews, and targeted security testing aligned to OWASP Top 10 and CWE Top 25 risks.

• Support vulnerability disclosure and bug bounty programs, including intake, validation, coordination, and remediation tracking.

• Contribute to application security awareness and training, helping developers understand secure coding practices and common vulnerability patterns.

• Develop and maintain application security metrics and dashboards, providing a consolidated ("single pane of glass") view of risk posture through automation.

• Research emerging technologies, frameworks, and attack techniques and assess their applicability and risk to current and future products.

• Collaborate with Quality, Regulatory, Legal, Privacy, Compliance, Architecture, and Product Development teams to ensure security is designed in, verified during development, and managed in production.

• Support cybersecurity documentation and evidence required for regulatory submissions in regulated product environments.

• Bachelor’s degree in information security or computer science, or equivalent practical experience.

• 3–5 years of experience in cybersecurity with a strong focus on application security, product security, or DevSecOps.

• Hands‑on experience with tooling, such as:

• SAST, DAST, SCA, IAST, and API testing tools

• Examples include Checkmarx, Snyk, ZAP, Dependency‑Track, GitHub Actions, Jenkins, or similar

• Demonstrated ability to identify, validate, and explain OWASP Top 10 and CWE Top 25 vulnerabilities.

• Experience integrating security testing into CI/CD pipelines and modern development workflows.

• Familiarity with vulnerability disclosure and bug bounty programs.

• Working knowledge of at least one common programming language (e.g., C, C++, Java, .NET, Python, or similar).

• Understanding of threat modeling, attack surfaces, common exploit classes, and frameworks such as MITRE ATT&CK.

• Strong written and verbal communication skills, with the ability to translate security risks into clear, actionable guidance for technical and non‑technical audiences.

• Required Leadership/Interpersonal Skills & Behaviors:

• Effectively communicate complex information, concepts, and ideas in a clear and organized manner through verbal, written, and visual mechanisms.

• Strong collaboration skills and an ability to work with cross‑functional teams across the security and privacy organization and broader Corporate Technology organization.

• Ability to work with virtual and global teams in a fast‑paced environment.

• Experience balancing security needs with broader business objectives.

At Insulet Corporation all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.