Job Title: Senior Application Security Engineer
Labor Category: Specialist 3
Location: New York NY
Job Type: Contract
Work schedule: Normal business hours Monday-Friday 9-5, 35 hours/week (not including mandatory unpaid meal break after 6 hours of work).
Duration: 1 Years
Pay Rate: $110 - $120 per hour

PREFERRED SKILLS/EXPERIENCE FOR CONSULTANT CANDIDATES:

• Advanced cloud security experience: Experience securing cloud environments (AWS, Azure, GCP) with tools like Web Application Firewalls (WAF), and implementing IAM, encryption, and monitoring tools.
• Experience with scripting and automation, using Python, Bash, or PowerShell, to automate security tasks, integrate security testing tools, and improve the efficiency of security operations.
• Strong communication skills: Ability to effectively explain complex security concepts and risks to both technical teams and non-technical stakeholders, ensuring alignment on security measures.
• Leadership and mentoring skills: Experience leading security teams or initiatives, mentoring junior engineers, and fostering a culture of security awareness within the organization.
• Collaboration and cross-functional teamwork: Proven ability to work effectively with development, DevOps, and IT teams to integrate security into all aspects of the business, ensuring security goals align with business objectives.
• Highly flexible/willing to learn new technologies.
• Highly organized with excellent analytical, problem solving and decision-making skills.

ADDITIONAL QUALIFICATIONS:

• Certifications such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Certified Cloud Security Professional (CCSP), or GIAC Web Application Penetration Tester (GWAPT) are highly preferred.
• Knowledge of compliance standards like NIST, PCI-DSS, and GDPR and how they apply to application security.

MANDATORY SKILLS/EXPERIENCE: Note: candidates who do not have the mandatory skills will not be considered.

• 12 years of experience in application security, with a proven track record of conducting vulnerability assessments, penetration testing, and secure code reviews.
• Extensive experience in secure application development, including knowledge of security frameworks like OWASP Top 10, and the ability to guide development teams in implementing secure coding practices.
• Proficiency in Software Composition Analysis (SCA) tools (e.g., Veracode, AppSec) for identifying and managing vulnerabilities in open-source libraries and third-party components.
• Advanced knowledge of static and dynamic application security testing (SAST/DAST) tools (e.g., Veracode, AppSec, Burp Suite) and integrating these tools into CI/CD pipelines for automated security checks.
• Strong cloud security expertise, including securing applications and workloads on AWS, Azure, or GCP, and experience with Web Application Firewalls (WAF) and cloud-native security services

? Perform comprehensive cybersecurity risk analysis, identifying and prioritizing risks specifically related to application security.
? Develop, socialize, and implement security strategies to address vulnerabilities in web applications, microservices, APIs, and mobile applications.
? Track and manage progress against security plans, ensuring timely remediation of identified vulnerabilities.
? Lead the security implementation in application development projects, ensuring “secure by design” practices.
? Create and maintain architecture diagrams, outlining secure communication flows, and develop both high-level and low-level security design documents.
? Troubleshoot and resolve application security issues in collaboration with internal teams and external vendors.
? Translate application compliance requirements into specific security controls, recommending compensating measures where appropriate.
? Regularly report on the organizations security posture, with a focus on application vulnerabilities, to senior management.
? Perform/coordinate application vulnerability assessments and ensure timely remediation in collaboration with the Development, IT, and Systems teams.
? Implement secure coding practices, perform static and dynamic application security testing (SAST/DAST), and support developers with secure code reviews.
? Monitor security incidents and respond to application-level threats, ensuring quick resolution of potential vulnerabilities.
? Establish and enforce secure configurations for applications and their underlying infrastructure, such as databases and APIs.
? Perform threat simulations to detect risks and recommend improvements for securing application designs, API security, identity management, and access control measures.
? Collaborate with teams to ensure continuous integration and continuous deployment (CI/CD) pipelines incorporate security controls.

MANDATORY SKILLS/EXPERIENCE: Note: candidates who do not have the mandatory skills will not be considered.

• 12 years of experience in application security, with a proven track record of conducting vulnerability assessments, penetration testing, and secure code reviews.
• Extensive experience in secure application development, including knowledge of security frameworks like OWASP Top 10, and the ability to guide development teams in implementing secure coding practices.
• Proficiency in Software Composition Analysis (SCA) tools (e.g., Veracode, AppSec) for identifying and managing vulnerabilities in open-source libraries and third-party components.
• Advanced knowledge of static and dynamic application security testing (SAST/DAST) tools (e.g., Veracode, AppSec, Burp Suite) and integrating these tools into CI/CD pipelines for automated security checks.
• Strong cloud security expertise, including securing applications and workloads on AWS, Azure, or GCP, and experience with Web Application Firewalls (WAF) and cloud-native security services.