Senior Manager, Application Security (Remote/Flexible)

Posted:
10/29/2024, 2:42:47 PM

Experience Level(s):
Senior

Field(s):
IT & Security

Workplace Type:
Hybrid

Insulet started in 2000 with an idea and a mission to enable our customers to enjoy simplicity, freedom and healthier lives through the use of our Omnipod® product platform. In the last two decades we have improved the lives of hundreds of thousands of patients by using innovative technology that is wearable, waterproof, and lifestyle accommodating.

We are looking for highly motivated, performance-driven individuals to be a part of our expanding team. We do this by hiring amazing people guided by shared values who exceed customer expectations. Our continued success depends on it!

Job Title: Senior Manager, Application Security

Company Overview:

Insulet started in 2000 driven to achieve our mission of enabling our customers to enjoy simplicity, freedom and healthier lives using our Omnipod® product platform. In the last two decades we have improved the lives of hundreds of thousands of patients who have insulin-requiring diabetes, by using innovative technology that is wearable, waterproof, and lifestyle accommodating. We are on an exciting trajectory of significant growth and global expansion enabling us to reach more patients around the globe. 

We are looking for highly motivated, performance-driven individuals who want to be part of building our Center of Excellence and be at the forefront of our rapidly growing global footprint. We are looking to hire amazing people who are guided by shared values and desire to exceed customer expectations. Our continued success depends on it.

Position Overview:

As the Senior Manager of Application Security, you will drive and implement the secure Software Development Lifecycle Program for all digital/cloud-based and device-based products at Insulet, guide and mentor application security architects and engineers and collaborate with the development teams to ensure application security risks are identified and remediated in a continuous integration and continuous deployment (CI/CD) manner. You will manage multiple projects with a degree of impact and complexity that must be carefully controlled to support the internal business unit security requirements.

Responsibilities:

  • Drive the secure Software Development Life Cycle for all Insulet products. This includes drafting the process and collaborating with cross-functional partners to implement it across Insulet.
  • Guide application security engineers in selecting security tools (e.g., Static Application Security Testing, Dynamic Application Security Testing, and Source Composition Analysis), running tests in a CI/CD manner, dispositioning risks and resolving false positives, and driving remediations.
  • Contribute to development and deployment of the application security awareness program.
  • Lead the Vulnerability Disclosure and Bug Bounty processes and programs.
  • Generate key application security metrics and provide a single pane of glass for all application security vulnerabilities via automation.
  • Guide and perform security activities including threat modeling and vulnerability analysis, code review, and security testing, ensuring teams are validating for OWASP Top 10 and CWE/SANS Top 25.
  • Provide Subject Matter Leadership in technical areas including but not limited to Application Security and Vulnerability Management.
  • Research emerging technologies and assess their applicability to the products.
  • Collaborate with cross-functional team members from Quality, Regulatory, Legal, Privacy, Compliance, Architecture and Product Development to ensure security is incorporated by design, during development, and managed in deployment.
  • Support cybersecurity deliverables for regulatory submissions.

Qualifications:

  • Bachelor’s degree in electrical engineering or computer science, or equivalent practical experience
  • 10+ years in cybersecurity with a required focus on application security. Experience in security engineering and security architecture is desired.
  • Experience with various SAST/DAST/SCA/API Testing/IAST tools such as Snyk and Checkmarx.
  • Hands-on experience in identifying and validating OWASP Top 10/
  • Prior experience in CI/CD Practices, Bug Bounty and Vulnerability Disclosure Programs.
  • Programming skills in C, C++, Java, .NET or other languages.
  • Understanding of various types of Exploits, Threat Modeling, and Attack surfaces.
  • Excellent communication, organizational skills, and experience in translating business goals into technical security deliverables.
  • Experience working with multiple stakeholders such as engineering/operations teams, internal business units, external incident response teams.

Required Leadership/Interpersonal Skills & Behaviors:

  • Effectively communicate complex information, concepts, and ideas in a clear and organized manner through verbal, written, and visual mechanisms.
  • Strong collaboration skills and an ability to work with cross-functional teams across the security and privacy organization and broader Corporate Technology organization.
  • Ability to work with virtual and global teams in a fast-paced environment.
  • Experience balancing security needs with broader business objectives.

NOTE: This position is eligible for 100% remote working arrangements (may work from home/virtually 100%; may also work hybrid on-site/virtual as desired).

Additional Information:

The US base salary range for this full-time position is $141,300.00 - $212,250.00. Our salary ranges are determined by role, level, and location. The range displayed on each job posting reflects the minimum and maximum target for new hire salaries for the position in the primary work location in the US. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training. Your Talent Acquisition Specialist can share more about the specific salary range for your preferred location during the hiring process. Please note that the compensation details listed in US role postings reflect the base salary only, and do not include bonus, equity, or benefits.

At Insulet Corporation all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Insulet Corporation

Website: https://insulet.com/

Headquarter Location: Bedford, Massachusetts, United States

Employee Count: 501-1000

Year Founded: 2000

IPO Status: Private

Last Funding Type: Post-IPO Debt

Industries: Biotechnology ⋅ Diabetes ⋅ Health Care ⋅ Medical Device