New Millenium Consulting
Job title: Application Security Engineer
Job Location: New York, New York
Job Type: Contract W-2 (Hybrid, 3 days onsite)
Key Focus: Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), OWASP Top 10, penetration testing, vulnerability assessments.
A global bank is seeking an Application Security Engineer to join our team. As a DevSecOps Engineer / Application Security Specialist, you will ensure the security of our applications throughout the SDLC. You will work closely with development teams to implement secure coding practices, conduct security assessments, and address vulnerabilities. Your focus will be on integrating security into our development processes and collaborating with cross-functional teams to make security a key part of our workflow.
This role is technical and hands-on and requires a deep understanding of application security practices (SAST, SCA, DAST) and, more generally, the secure software development lifecycle (SDLC).
Responsibilities
Conduct comprehensive security assessments of applications, including SAST, SCA, DAST, penetration testing, and vulnerability assessments.
Collaborate with development teams to perform threat modeling sessions, identifying and prioritizing potential threats and vulnerabilities in applications.
Provide training and guidance to developers on secure coding practices and the effective use of security tools.
Assist in the investigation and remediation of security incidents related to vulnerabilities.
Contribute to the development and maintenance of application security policies, standards, and procedures to ensure compliance with industry best practices.
Evaluate, implement, and manage CI/CD security tools (e.g., Jenkins, Azure) and security testing tools (e.g., Checkmarx, Qualys, JFrog Xray, Twistlock) to enhance the security posture of applications.
Work closely with cross-functional teams, including development, IT, and compliance, to ensure that security is integrated into the development process and is part of the CI/CD pipeline.
Maintain up-to-date documentation of security assessments, findings, and remediation efforts to ensure transparency and compliance.
Apply OWASP methodologies to secure web applications, APIs, mobile environments, CI/CD processes, and Large Language Models (LLMs).
Understand security controls, policies, and compliance frameworks, ensuring alignment with industry standards.
Qualifications
Expertise in SAST, SCA, DAST, penetration testing, and vulnerability assessments.
Skilled in identifying and prioritizing threats in collaboration with development teams.
Knowledge of secure coding practices, with proven experience in providing training to developers.
Expertise in threat modeling, security architecture reviews, and vulnerability assessments.
Proficient in investigating and remediating security incidents effectively.
Experience with CI/CD security tools (e.g., Jenkins, Azure DevOps) and security testing tools (e.g., Checkmarx, Qualys, JFrog Xray, Twistlock).
Knowledgeable in Cloud Architecture, particularly with AWS and Azure.
Familiarity with security best practices for container images, registries, networks, and runtimes.
Deep understanding of OWASP Top 10 vulnerabilities, PCI DSS, ISO 27001, NIST, and other relevant security standards.
Education: Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent experience.
Experience: At least 5 years of hands-on experience in IT security duties in the financial services industry.
Strong understanding of security assessment methodologies and tools.
Knowledge of programming languages and secure coding practices.
Familiarity with CI/CD practices and tools, as well as container technologies.