Public Partnerships | PPL
Application Security and DevSecOps Engineer
Public Partnerships | PPL, New York, New York, US, 10261
Job Title: Application Security (AppSec) and DevSecOps Engineer
Location: 48 US States or Remote
Job Type: Full-time
Department: Security
Reports To: Director of Security Architecture & Engineering

Job Summary

We are seeking an experienced and proactive Application Security (AppSec) and DevSecOps Engineer to embed security throughout the software development lifecycle and CI/CD pipelines. You will collaborate with development, operations, and security teams to design, implement, and maintain security best practices in our applications and infrastructure. This role ensures our systems are secure by design and compliant with industry standards, including HIPAA, SOC 2, OWASP, NIST 800-53, and NIST SSDF.

Key Responsibilities

Secure SDLC Integration:
- Integrate security at every phase of the software development lifecycle.
- Collaborate with engineering and product teams in Agile/Scrum environments to prioritize, track, and remediate security issues during sprint cycles.
- Develop and maintain threat models and perform design reviews.
- Lead threat modeling sessions and conduct in-depth security architecture reviews.
- Educate development teams on secure coding practices.
- Contribute to secure backlog grooming and the definition of security-related user stories and acceptance criteria.
- Actively support the organization’s secure software development lifecycle (SDLC) initiatives by integrating security controls, processes, and testing into development workflows and CI/CD pipelines.
- Integrate security testing tools (SAST, DAST, SCA, IaC scanning) into CI/CD pipelines.
- Automate security checks to ensure continuous compliance and early detection.
- Ensure security scanning outputs are integrated into ticketing systems and development workflows for traceable remediation.

Application Security:
- Perform and manage vulnerability assessments, code reviews, and penetration testing.
- Lead application-level penetration testing efforts, both internally and with external vendors.
- Remediate findings by working closely with developers and product teams.
- Facilitate and track remediation activities as part of security sprints.
- Monitor and manage third-party/open-source dependencies for known vulnerabilities.
- Conduct security code reviews using both automated and manual analysis techniques.
Infrastructure & DevSecOps:
- Secure containerized environments (Docker, Kubernetes).
- Ensure cloud infrastructure security (AWS/GCP/Azure) using infrastructure-as-code (IaC) tools such as Terraform or CloudFormation.
- Implement secrets management, identity and access control, and other cloud-native security features.

Governance & Compliance:
- Contribute to security policies, standards, and compliance efforts (e.g., ISO 27001, SOC 2, NIST 800-53, GDPR).
- Ensure application security controls comply with HIPAA Security Rule safeguards (e.g., access control, audit logging, encryption).
- Support documentation and evidence collection for SOC 2 Type II audits and HIPAA security risk assessments.
- Map security activities and controls to the NIST 800-53 and NIST SSDF frameworks.
- Support audit activities and create documentation for security controls.

Required Qualifications
- Bachelor’s degree in Computer Science, Cybersecurity, or a related field (or equivalent experience).
- 3–5+ years of experience in AppSec, DevSecOps, or related roles.
- Hands-on experience with security tools: SAST (e.g., Checkmarx, SonarCloud, Veracode), DAST (e.g., OWASP ZAP, Burp), SCA (e.g., Snyk, WhiteSource), and IaC scanners (e.g., tfsec, Checkov).
- Proficiency in CI/CD tools (Jenkins, GitLab CI/CD, GitHub Actions).
- Experience with scripting and automation (Python, Bash, etc.).
- Solid understanding of the OWASP Top 10, secure coding, threat modeling, and secure design principles.
- Familiarity with containers and orchestration tools (Docker, Kubernetes).
- Experience working in regulated environments and ensuring the security of applications that handle ePHI or sensitive data.
- Working knowledge of NIST 800-53 (Rev. 5), including the AC, AU, SC, and SI control families.
- Familiarity with NIST SSDF principles and their implementation across the SDLC.

Preferred Qualifications
- Certifications: OSCP, CISSP, CSSLP, CEH, or similar.
- Experience with cloud-native security in Azure, AWS, and GCP.
- Hands-on experience with NIST, HIPAA, and SOC 2 application security compliance, including security assessments and control implementation.
- Experience leading penetration testing engagements and managing remediation in collaboration with development teams.
- Experience with bug bounty programs or working with security researchers.
- Experience implementing or supporting a security champions program is a plus.

Soft Skills
- Strong communication and collaboration skills.
- Ability to translate security risks for technical and non-technical stakeholders.
- Self-starter, adaptable, and capable of working independently and in teams.

Seniority level: Mid-Senior level
Employment type: Full-time
Job function: Information Technology, Engineering, and Research
Industries: Financial Services, Technology, Information and Media, and Public Health