Spearheadtech

Application Security (AppSec) and DevSecOps Engineer

Spearheadtech, Albany, New York, United States



Albany, United States | Posted on 08/01/2025

Work Experience: Associate Level, 2-5 years
Date Opened: 08/01/2025
City: Albany
State/Province: New York
Country: United States

Job Description

About the job:

Application Security (AppSec) and DevSecOps Engineer

Career Level: Mid-level
Location: Remote/Onshore/US NY - Albany

Who We Are:

This is Nexgentek, Inc — where every challenge is an opportunity, and every solution is a masterpiece in the making. As a full-lifecycle IT company, we transcend mere delivery; we engineer success. From inception to implementation, our seasoned expertise shepherds every phase of the journey. Be it planning, analysis, design, development, testing, or the seamless transition to production, we stand as steadfast partners in our clients’ progress. At Spearhead Technology, quality isn't a mere aspiration—it's our ethos. Rooted in Tech Advisory, our methodology is guided by insights that spark transformative outcomes. We recognize the paramount importance of talent retention. Through a steadfast commitment to work-life balance, competitive remuneration packages, and an optimized operational model, we ensure our team remains as exceptional as our services. Step into Spearhead Technology, where innovation meets precision, and together, let's sculpt the future of technology with finesse and distinction.

Requirements

At Nexgentech, Inc, we're committed to building secure, reliable, and innovative systems that our clients and communities can trust. We're looking for an experienced and proactive Application Security (AppSec) and DevSecOps Engineer who is passionate about embedding security into every step of the software development lifecycle. In this role, you'll partner with engineering, operations, and security teams to design and implement scalable security practices that safeguard our applications and infrastructure while supporting agility and growth. If you enjoy being hands-on, solving complex challenges, and mentoring others on secure development, this role is for you.

What You’ll Do

Secure SDLC Integration:
- Embed security from the earliest stages of design through development and deployment.
- Work closely with Agile/Scrum teams to identify, track, and resolve security issues during sprint cycles.
- Conduct security architecture and threat modeling reviews.
- Lead secure design discussions and threat modeling sessions.
- Educate development teams on secure coding standards and best practices.
- Help define and maintain a secure backlog, including user stories and acceptance criteria tied to security requirements.
- Champion secure development practices across teams and pipelines.

CI/CD Pipeline Security:
- Integrate tools for SAST, DAST, SCA, and IaC scanning into CI/CD workflows.
- Automate security checks to provide continuous feedback and compliance assurance.
- Ensure outputs are traceable by syncing findings with ticketing and tracking systems.

Application Security:
- Perform static and dynamic analysis, vulnerability assessments, and manual code reviews.
- Coordinate and lead internal and third-party penetration tests.
- Work with developers to remediate vulnerabilities efficiently and effectively.
- Track resolution progress through security-focused sprint cycles.
- Monitor and assess third-party and open-source components for risks.

Infrastructure & DevSecOps:
- Harden containerized environments (Docker, Kubernetes) and manage their security posture.
- Apply secure practices in cloud platforms like AWS, Azure, or GCP using IaC tools (Terraform, CloudFormation).
- Implement strong secrets management, access controls, and cloud-native protections.

Governance & Compliance:
- Align application security practices with standards like ISO 27001, SOC 2, HIPAA, NIST 800-53, and NIST SSDF.
- Support audit readiness by maintaining evidence and documentation for compliance controls.
- Map implemented security controls to regulatory frameworks and security policies.

What You Bring

Required Qualifications:
- Bachelor’s degree in Computer Science, Cybersecurity, or equivalent practical experience.
- 3–5+ years in AppSec, DevSecOps, or similar security-focused engineering roles.
- Strong experience with security tools: SAST (e.g., Checkmarx, SonarCloud), DAST (e.g., OWASP ZAP, Burp), SCA (e.g., Snyk), IaC scanning (e.g., tfsec).
- Proficiency with CI/CD systems like Jenkins, GitHub Actions, GitLab CI/CD.
- Knowledge of secure design principles, OWASP Top 10, and threat modeling.
- Experience with scripting languages (Python, Bash, etc.).
- Familiarity with containerization and orchestration (Docker, Kubernetes).
- Experience in regulated environments (e.g., HIPAA, SOC2) and knowledge of NIST 800-53 and NIST SSDF.

Preferred Qualifications:
- Certifications such as OSCP, CISSP, CSSLP, or CEH.
- Experience with multi-cloud security (Azure, AWS, GCP).
- Background leading pen tests and managing coordinated remediation.
- Participation in bug bounty or responsible disclosure programs.
- Experience with a security champions program.

What Sets You Apart:
- You’re a great communicator who can translate complex security risks into actionable insights—whether speaking to engineers or executives.
- You’re a natural collaborator who thrives in cross-functional teams.
- You’re adaptable, resourceful, and capable of working independently with a proactive mindset.
- You bring not just technical acumen but also empathy, curiosity, and a commitment to doing things the right way.

What’s in it for you:

At Spearhead Technology, we prioritize your well-being and professional growth. Here's what you can expect:
- Achieve a healthy work-life balance.
- Competitive compensation and abundant growth opportunities.
- Enjoy a standard 5-day workweek with 2 fixed weekly off days.
- Experience an employee-centric environment with supportive policies.
- Benefit from family-friendly and flexible work arrangements.
- Access our Performance Advancement and Career Enhancement (PACE) initiative and discover opportunities for both personal and professional growth. From tailored career development plans to expert counseling services, PACE empowers you to chart your course to success with confidence and clarity.
- Elevate your career trajectory with our Learning & Development (L&D) program. Join our team and embark on a transformative journey of upskilling and self-discovery. With continuous learning as your compass, you'll not only enhance your expertise but also open doors to new opportunities, paving the way for career growth and fulfillment.

Please note:

At Spearhead Technology, we value collaboration, learning, and fostering connections with clients, peers, leaders, and communities. While some in-person engagement may be required for certain roles, we are committed to providing flexibility to accommodate your work-life balance needs. As an equal opportunity employer, Spearhead Technology welcomes and encourages applications from all members of society. We are dedicated to creating an inclusive environment where diversity is celebrated, and individuals are valued for their unique perspectives and contributions. We do not discriminate based on race, religion or belief, ethnicity, disability, age, citizenship, marital or civil partnership status, sexual orientation, or gender identity.
