Senior Application Security Engineer

LOCAL REMOTE role. MUST live in NYC area and able to work onsite in NYC 1-2 times per quarter.Our software client based in the NYC area has an immediate need for an Application Security Engineer to join their security team to proactively identify and resolve security risks, issues and incidents. The successful engineer with proactively assesses information risk and facilitate remediation of identified vulnerabilities within the client's network, systems and applications.LOCAL REMOTE role. MUST live in NYC area and able to work onsite in NYC 1-2 times per quarter.RESPONSIBILITIES:Proactively identify and resolve security risks, issues and incidents. Evaluate and assess information risk, as well as remediation of identified vulnerabilities with the ecosystem.Report on findings and recommendations for corrective action.Perform assigned vulnerability assessments utilizing enterprise security tools and methodologies.Perform assessments of IT security/risk posture within the IT network, systems and software applications.Drive security mitigation efforts through identification of opportunities to reduce risk and document remediation options regarding risk scenarios.Facilitate and monitor performance of risk remediation tasks.Design security solutions to address security vulnerabilities and weaknesses.Continuously update the monitoring environment and tools in order to provide the correct level of insight into the environment.Technical point of contact for product teams as it relates to automation, CI/CD, and Product Application Security Operations.Build tools and automation scripts that enable developers to easily consume security services delivered by Security Engineering and Automation team.REQUIRED EXPERIENCE:7+ years of experience in application security roles with increasing responsibility.5+ years or experience in an enterprise technology environment, with responsibilities across a operations, networking, systems and infrastructure architecture, or other as applicable technical areas.3+ years of experience in a Security Operations Center or Continuous Monitoring role3+ years of experience in Web Application Security, SSDLC and Threat Modelling.Prior hands on experience with Software Development Java / C# / C++.Experience with a variety of Continuous Monitoring, and vulnerability scanning toolsMust have hands on infrastructure security skills including IDS/IPS, firewall, SIEM, server and OS hardening, malware detection, physical security, transport and at-rest encryption on file systems, DB, and other data persistence mechanisms.Experience in managing application security testing tools like SAST, DAST and Open Source Vulnerability Scanning.Prior experience implementing SOX, PCI, ISO, NIST 800-53, NIST CSF,SonarQube, Snyk, Qualys, Wiz.DEEP understanding of OWASP Top 10 and CWE 25; with proven track record and experience in implementing and integrating remediation strategies.Excellent written and verbal communication skills, including the ability to effectively communicate security and risk related concepts all audiences. Self-motivated; able to work independently; able to negotiate and bring consensus to diverse priorities of product development and solution teamsStrong preference for CISSP, ISC2, SANS, ISACA, or other recognized security professional credentialing organizations.Bachelors degree in information systems, engineering or equivalent work experience, preferably Information System management / Computer Science / Information Security or a related technical discipline.MUST live in NYC area and able to work onsite in NYC 1-2 times per quarter.

Created: 2025-02-19