Junior Application Security Engineer

Gallagher, Rolling Meadows, IL

About The Position

The Junior Application Security Engineer supports the implementation and maintenance of the DevSecOps model in collaboration with Divisional DevOps teams. This entry-level technical role focuses on assisting with application security solutions that integrate development activities, information security, and automated release processes within the CI/CD pipeline. The ideal candidate will have a foundational understanding of development lifecycles and information security, familiarity with code scanning and review processes, and a willingness to learn and grow within the application security domain. Gallagher is seeking a Junior Application Security Engineer to join our Application Security team. Key responsibilities include:

Requirements

  • Bachelor’s Degree in Computer Science (or a related field) or equivalent experience in an entry-level security or development role.
  • Basic understanding of common application-related vulnerabilities (such as the OWASP Top Ten) and their impact.
  • Ability to explain how to mitigate security risks in .NET and Java frameworks at a fundamental level.
  • Clear and concise writing style.
  • Ability to complete tasks with specific direction and guidance.
  • At least 1 year of hands-on experience with a DAST tool such as OWASP ZAP, Qualys, Burp Suite or similar application security tools.

Nice To Haves

  • Familiarity with common DevOps tools, such as Azure DevOps, Jenkins, JIRA, and Octopus.
  • Knowledge of modern web architectures, especially microservices and Single Page Application frameworks.
  • Experience automating security scans.
  • Exposure to other software development languages, such as PHP, Python, and .NET.
  • Security certifications, such as Security+ or equivalent.

Responsibilities

  • Assisting with onboarding applications into the Qualys WAS scanner, setting up initial and recurring automated scans, and performing initial analysis of scan results.
  • Supporting code scanning processes, including SAST, SCA, container scanning, and Infrastructure as Code (IaC) scanning embedded into the DevOps, CI/CD and pull request process.
  • Participating in code reviews to identify security vulnerabilities.
  • Collaborating with development teams to provide remediation guidance and prioritization, and monitoring scan performance.
  • Collecting and reporting metrics for scanning projects and helping automate repeatable processes.
  • Assisting in the creation and maintenance of secure coding guidelines and process documentation.
  • Supporting training initiatives for application security champions and developers.
  • Providing tool support for SAST (Static Application Security Testing), SCA (Software Composition Analysis), DAST (Dynamic Application Security Testing), container scanning, IaC (Infrastructure as Code) scanning and ASPM (Application Security Posture Management) under the guidance of senior team members.
  • Helping development teams understand and address security vulnerabilities.
  • Writing documentation and assisting in training developers on security best practices.

Benefits

  • Medical/dental/vision plans, which start from day one!
  • Life and accident insurance
  • 401(K) and Roth options
  • Tax-advantaged accounts (HSA, FSA)
  • Educational expense reimbursement
  • Paid parental leave
  • Digital mental health services (Talkspace)
  • Flexible work hours (availability varies by office and job function)
  • Training programs
  • Gallagher Thrive program – elevating your health through challenges, workshops and digital fitness programs for your overall wellbeing
  • Charitable matching gift program