APPLICATION SECURITY ENGINEER (REMOTE)

Contract | Remote | Application Security
A leading cybersecurity consulting firm is looking for an experienced Application Security Engineer to join its growing Application Security practice. This role is ideal for someone with strong C#/.NET expertise who thrives in client-facing environments and enjoys digging deep into secure development practices.

• Remediation Guidance: Work directly with engineering and DevOps teams to validate, prioritize, and support remediation of vulnerabilities from assessments, scans, and bug bounty submissions.
• Manual Secure Code Review: Review .NET and enterprise application codebases to identify logic flaws, injection risks, misconfigurations, and other security issues that scanners often miss.
• Threat Modeling: Conduct lightweight threat modeling for new application features to uncover architectural risks early in the development lifecycle.
• Secure SDLC Enablement: Serve as a trusted security advisor to development teams, driving secure coding practices and embedding security into CI/CD workflows.
• Tooling Integration: Assist with the setup and fine-tuning of AppSec tools (SAST, DAST, SCA) and their integration into development pipelines.

What You Bring

• Solid experience in C#/.NET Core and Framework development and security
• Deep knowledge of secure coding practices , OWASP Top 10, and common vulnerability patterns (CWE)
• Hands-on experience with manual code reviews
• Familiarity with threat modeling frameworks (STRIDE, LINDDUN, etc.)
• Understanding of modern SDLC processes, DevOps culture, and security tooling
• Strong communication skills and the ability to work effectively with engineers and security teams