Droisys

Application Security Engineer

Droisys, Dallas, Texas, United States, 75215

Droisys is an innovation technology company focused on helping companies accelerate their digital initiatives from strategy and planning through execution. We leverage deep technical expertise, Agile methodologies, and data-driven intelligence to modernize systems of engagement and simplify human/tech interaction.

Amazing things happen when we work in environments where everyone feels a true sense of belonging and when candidates have the requisite skills and opportunities to succeed. At Droisys, we invest in our talent and support career growth, and we are always on the lookout for amazing talent who can contribute to our growth by delivering top results for our clients. Join us to challenge yourself and accomplish work that matters.

Here are the job details

Job Title: Application Security Engineer
Duration: 12 Months
Pay Rate: $50/hr on W2 (Flexible)

Key Responsibilities

- Ability to identify, triage, and remediate issues such as injection flaws, insecure deserialization, and misconfigurations.
- Integrate and manage SAST and DAST tools within CI/CD pipelines.
- Collaborate with development teams to remediate vulnerabilities and enforce secure coding standards.
- Design and implement guardrails for AI-powered applications, mitigating risks like prompt injection, model inversion, and data poisoning.
- Develop and maintain security policies, procedures, and documentation.
- Conduct security assessments and provide actionable recommendations.
- Analyze complex problems and implement effective solutions or workarounds.
- Mentor junior engineers and promote security awareness across teams.
- Build and maintain CI/CD pipelines using tools like CloudBees, Jenkins, Buddy, UrbanCode, etc.
- Develop automation solutions using Python, Java, or PowerShell.
- Work with APIs, endpoints, and databases to develop integrated security solutions.
- Use IDEs such as Visual Studio, Visual Studio Code, Eclipse for secure development and debugging.
- Implement and manage GitHub Advanced Security features including code scanning, secret scanning, and Dependabot s.
- Apply extensive experience working with DevOps tools such as GitHub, including workflows, actions, and advanced workflow automation.
- Understand and remediate security vulnerabilities across multiple programming languages.
- Collaborate within an Agile team environment using Azure DevOps.
- Familiarity with OWASP Dependency-Check and similar tools to manage third-party risks.

Required Qualifications

- Minimum 8 years of experience in application security or software engineering with a security focus.
- At least 3 years of experience developing automation solutions using Python, Java, or PowerShell.

Preferred Qualifications

- Hands-on experience with SAST and DAST tools (e.g., Veracode, GitHub).
- Solid understanding of OWASP Top 10 and familiarity with SANS Top 25 vulnerabilities.
- Experience with AI security concepts and mitigation strategies.
- Experience with cloud-native security (AWS, Azure, GCP).
- Experience developing solutions that combine data from APIs, endpoints, and databases.
- Outstanding communication and strong analytical skills.
- Ability to function effectively in a globally diverse work environment.
- Clearly communicates risks, solutions, and security posture to technical and non-technical stakeholders.
- Experience with GenAI risk mitigation (e.g., prompt injection, data leakage).
- Knowledge of container security and infrastructure-as-code scanning.
- Certifications such as CISSP, OSCP, or GIAC are a plus.

Droisys is an equal opportunity employer. We do not discriminate based on race, religion, color, national origin, gender, gender expression, sexual orientation, age, marital status, veteran status, disability status or any other characteristic protected by law. Droisys believes in diversity, inclusion, and belonging, and we are committed to fostering a diverse work environment.
