Attractivate Consulting Solutions
Application Security Specialist
Attractivate Consulting Solutions, Houston, Texas, United States, 77246
We are hiring an Application Security Specialist to be the day‑to‑day owner of application‑layer security across our entire product portfolio (web apps, APIs, mobile apps, desktop clients, and microservices). You’ll work closely with engineering, product, and DevOps teams to shift security left while keeping velocity high.
This role is ideal for someone who loves breaking and fixing things, writing code, and making developers’ lives easier through automation and education.
Key Responsibilities
Conduct threat modeling and security design reviews for new features and major refactors
Perform hands‑on secure code reviews (automated + manual) across Python, Go, TypeScript, Java, Kotlin, and React/React Native
Build, tune, and maintain SAST, DAST, SCA, and IAST tools in the pipeline (Semgrep, SonarQube, Checkmarx, Snyk, Burp Enterprise, Contrast, etc.)
Run internal red‑team exercises and coordinate external penetration tests
Manage and triage findings from our private bug bounty program on HackerOne
Create lightweight, actionable secure coding guidelines and deliver regular training
Drive remediation of vulnerabilities and track metrics (MTTR, escape rate, etc.)
Own software supply chain security (SBOM generation, dependency hardening, code signing)
Partner with compliance teams on SOC 2 Type II, ISO 27001, FedRAMP, and customer audits
Research new attack techniques and implement proactive defenses
Required Qualifications
3–8 years of direct application security or secure development experience
Strong understanding of modern web vulnerabilities (OWASP Top 10, API Top 10, OAuth/OpenID flaws, JWT issues, GraphQL insecurities, etc.)
Real‑world experience exploiting and fixing serious bugs (SSRF, IDOR, RCE, deserialization, etc.)
Hands‑on experience with Burp Suite Pro, sqlmap, Nuclei, ffuf, and similar tools
Proven ability to integrate security tools into CI/CD (GitHub Actions, GitLab CI, Jenkins, CircleCI)
Excellent written and verbal communication — you can write a clear finding that developers actually
Seniority level
Associate
Employment type
Full‑time
Job function
Information Technology
Industries
Oil and Gas