Application Security

Posted Today by MDMS Recruiting

Negotiable
Undetermined
Hybrid
Remote or Hybrid in Parsippany-Troy Hills, New Jersey

Summary: The Application Security role focuses on enhancing the security posture of applications through offensive and defensive strategies, requiring hands-on expertise in various security tools and methodologies. The position involves collaboration with engineering teams to manage vulnerabilities and implement secure coding practices. Candidates should possess a strong understanding of web and API vulnerabilities, as well as experience securing cloud environments. This role is available in a hybrid or remote capacity based in Parsippany, NJ.

Key Responsibilities:

  • 3+ years of offense and defense application security experience with demonstrated hands-on expertise in SAST and SCA tools such as Checkmarx and Snyk, including findings triage, ruleset tuning, and managing vulnerability lifecycle across enterprise environments
  • Strong understanding of OWASP Top Ten and broader web and API vulnerabilities, including practical remediation techniques within enterprise environments
  • Knowledge of web and mobile application development and deployment methodologies
  • Hands-on experience securing AWS cloud environments, including Lambda, API Gateway, IAM, and S3, with experience operating cloud-native security platforms such as Orca Security, Wiz, or Prisma Cloud to surface and remediate risk across workloads and infrastructure
  • Ability to read and reason about code in languages such as Node.js, JavaScript, Java, or Python, well enough to perform meaningful secure code review, validate SAST/SCA findings, and collaborate credibly with engineering teams on remediation
  • Experience working with change management and release governance processes within production environments
  • Strong project management and communication skills with the ability to represent cybersecurity requirements across technical and business stakeholders
  • Solid understanding of agile methodologies, DevSecOps practices, and CI/CD pipeline integration
  • Familiarity with security threat intelligence sources and how they inform application-layer defenses
  • Experience partnering with development teams to drive security remediation by running working sessions, building runbooks, and supporting secure coding adoption through a developer-first engagement model.

Key Skills:

  • 3+ years of application security experience
  • Hands-on expertise in SAST and SCA tools (Checkmarx, Snyk)
  • Understanding of OWASP Top Ten and web/API vulnerabilities
  • Knowledge of web and mobile application development methodologies
  • Experience securing AWS cloud environments
  • Proficiency in programming languages (Node.js, JavaScript, Java, Python)
  • Experience with change management and release governance
  • Strong project management and communication skills
  • Understanding of agile methodologies and DevSecOps practices
  • Familiarity with security threat intelligence sources

Salary (Rate): £56.25 hourly

City: Parsippany

Country: United States

Working Arrangements: hybrid

IR35 Status: undetermined

Seniority Level: undetermined

Industry: IT

Location: Parsippany, NJ (Hybrid) Or Remote

Duration: 3 Months +
