Application Security Consultant

3 month contract role in Parsippany, NJ.  W2 Only (please No C2C / No Corp to Corp)

Client is seeking a professional to join the greater Information Security Team and help advance our enterprise application security program. This role will play a critical part in the design, build, and operation of security capabilities that protect Client's web, mobile, and cloud-native applications. The position requires broad application security experience across secure development practices, code analysis, cloud security, and production protection technologies. As a member of the Cybersecurity Team, the consultant will execute and mature the application security architecture and framework across development, cloud, and production environments.

The position will work directly with business application teams on secure design, code review oversight, release coordination, and production resilience. This role will formally represent the application security team in discussions involving new projects, architectures, and security control design, ensuring cybersecurity requirements are embedded early and consistently. Regular interaction with both technical and business personnel will be required to provide risk-based security analysis and recommendations that balance protection, performance, and delivery timelines.

The consultant will administer and optimize static code scanning solutions such as Checkmarx, ensure vulnerabilities are identified and remediated in alignment with OWASP Top Ten and broader industry risks, and collaborate closely with AWS engineering teams to secure Lambda functions and runtime resources. The role will also partner with change and release management to coordinate production code deployments from both security and reliability perspectives, while maintaining operational oversight of application-layer protection technologies.

Job Functions

• Lead application security design and implementation: Across web, mobile, and AWS cloud-native services, including secure architecture reviews, AWS Lambda and runtime resource protection, and integration of security controls into CI/CD pipelines. (30%)
• Administer and optimize static code scanning solutions: Such as Checkmarx, conduct vulnerability triage and remediation guidance aligned with OWASP Top Ten and broader application security risks, and validate security readiness prior to production release. (20%)
• Manage and enhance application-layer protection technologies: Including policy tuning, configuration updates, and detection improvements, ensuring protections remain effective without impacting performance or customer experience. (15%)
• Coordinate closely with change and release management: Align security controls with production deployment schedules, participate in go-live planning, and act in a Site Reliability Engineering capacity to ensure secure and stable releases. (15%)
• Represent the application security team: In project planning and architectural discussions, provide risk-based security analysis, and ensure cybersecurity requirements are embedded into design, development, and delivery decisions. (10%)
• Provide structured security reporting: Track remediation efforts, and support cross-functional project management activities to ensure application security initiatives are delivered on time and aligned with business objectives. (10%)

Requirements and Qualifications

• 3 years of offense and defense application security experience with demonstrated hands-on expertise in SAST and SCA tools such as Checkmarx and Synk, including findings triage, ruleset tuning, and managing vulnerability lifecycle across enterprise environments.
• Strong understanding of OWASP Top Ten and broader web and API vulnerabilities, including practical remediation techniques within enterprise environments.
• Knowledge of web and mobile application development and deployment methodologies.
• Hands-on experience securing AWS cloud environments, including Lambda, API Gateway, IAM, and S3, with experience operating cloud-native security platforms such as Orca Security, Wiz, or Prisma Cloud to surface and remediate risk across workloads and infrastructure.
• Ability to read and reason about code in languages such as Node.js, JavaScript, Java, or Python. Ability to sufficiently perform meaningful secure code review, validate SAST/SCA findings, and collaborate credibly with engineering teams on remediation.
• Experience working with change management and release governance processes within production environments.
• Strong project management and communication skills with the ability to represent cybersecurity requirements across technical and business stakeholders.
• Solid understanding of agile methodologies, DevSecOps practices, and CI/CD pipeline integration.
• Familiarity with security threat intelligence sources and how they inform application-layer defenses.
• Experience partnering with development teams to drive security remediation by running working sessions, building runbooks, and supporting secure coding adoption through a developer-first engagement model.