Application Security Engineer

A financial firm is looking for an Application Security Engineer to join their team in Iselin, NJ or NYC.

Compensation: $150-200k

Responsibilities:

• Perform Application Security scans (e.g. DAST and SCA) on applications and APIs to identify security vulnerabilities and weaknesses
• Triage security findings and collaborate with development teams to prioritize and remediate identified vulnerabilities
• Drive threat modelling as a standard part of the SDLC, and develop and maintain threat models for critical applications, identifying potential security risks and proposing mitigations
• Drive the Security Champions program, and define and promote secure coding practices, patterns, and standards across development teams
• Conduct security reviews and provide guidance on security requirements for new features and projects
• Assist in the analysis, selection and rollout of new application security tools, processes, and standards

Qualifications:

• Proven experience in application security with a focus on application security testing and vulnerability management
• Hands-on experience with Application Security tools
• Strong understanding of common application vulnerabilities (e.g., OWASP Top 10) and mitigation techniques
• Experience with threat modelling methodologies and tools
• Proficiency in at least one programming language (e.g., Java, Python, JavaScript)
• Excellent communication and collaboration skills, with the ability to work effectively in cross functional teams
• Strong understanding of risk management
• Degree in a technology discipline (Computer Science, Information Management, Computer Engineering, Cybersecurity or equivalent)
• Relevant security certifications (e.g. CISSP, CEH, CSSLP) or equivalent is preferred