Application Security Specialist

PRI Global

Irving, TX

JOB DETAILS
SKILLS
Amazon Web Services (AWS), Analysis Skills, Applications Security, Atlassian JIRA, Automation, CISSP - Certified Information Systems Security Professional, Change Management, Coaching, Code Reviews, Community of Practice (CoP), CompTIA Security+, Computer Hacking, Computer Security, Continuous Deployment/Delivery, Continuous Integration, Cross-Functional, DevOps, Firewalls, GitHub, HP WebInspect, IBM Rational AppScan, Intrusion Detection Systems, Intrusion Prevention Systems, Jenkins, Leadership, Metrics, Microsoft Product Family, Microsoft Windows Azure, Nessus, Network Security, Network Testing, Penetration Testing, Performance Metrics, Power BI, Product Lifecycle, Project Management Professional (PMP), Project/Program Management, Reporting Dashboards, Risk, Risk Management, ScrumMaster, Secure Coding, Security Architecture, ServiceNow, Software Development, Software Patches, Splunk, Static Analysis, Test Tools, Threat Modeling, Training/Teaching Curriculum, VPN (Virtual Private Network)
Job Title:Application Security Specialist

Location:Irving, TX/ Iselin, NJ/ Charlotte, NC - Hybrid Role

FTC/FTE Role

 

Job Description: Look for someone who has Application Security experience, has worked closely with software developers, conducted threat modeling and secure coding activities, integrated security tools into CI/CD pipelines, and ideally built or led a Security Champions Program or Community of Practice. Leadership, enablement, training, and influencing engineering teams are more important than deep penetration testing or network security experience.

 

Here are some key points that can help you spot a good candidate for this role:

 

Must-Have Experience Areas

Confirm that the candidate has experience in at least 4–5 of these areas:

Area                         Required
Application Security         Yes
Threat Modeling              Yes
Secure Coding                Yes
Developer Coaching           Yes
Security Testing Tools       Yes
CI/CD Security               Yes
Security Governance          Preferred
Security Champion Program    Strongly Preferred
Compliance Reporting         Preferred
Metrics & Dashboards         Preferred

 

 

1. Must-Have Resume Keywords

A strong resume should contain several of these terms:

Application Security

• Application Security (AppSec)

• Secure SDLC (SSDLC)

• Secure Development Lifecycle

• DevSecOps

• Secure Design

• Secure Coding

• Security Architecture

• Security Review

Threat Modeling & Developer Coaching

• Threat Modeling

• STRIDE

• Security Champions

• Developer Enablement

• Security Training

• Secure Coding Training

• Security Awareness

• Coaching Developers

• Security Workshops

CI/CD & Automation

• CI/CD Security

• DevSecOps

• Security Gates

• Pipeline Security

• Compliance Automation

• Security Controls

• Continuous Security Testing
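As an added illustration of what the "Security Gates" and "Pipeline Security" keywords mean in practice, here is an example gate script. It is not code from PRI Global or from this posting, and the embedded SARIF document, rule identifiers, file paths and exemption list are constructed for the example. The script consumes the SARIF 2.1.0 output that most SAST and SCA scanners can emit, skips results the scanner or a reviewer has already suppressed, and fails the build when a non-exempt finding meets a severity threshold. It reads the CodeQL-style `security-severity` rule property when present and otherwise falls back to the SARIF `level`; that fallback mapping is an assumption of the example, not a standard.

```python
"""Minimal CI security gate over SARIF scanner output (illustrative example)."""
import json
import sys
from dataclasses import dataclass

# Fallback mapping from SARIF "level" to a numeric score, used only when a
# rule carries no "security-severity" property. The numbers are this
# example's own assumption, not part of the SARIF specification.
LEVEL_SCORE = {"error": 7.0, "warning": 4.0, "note": 1.0, "none": 0.0}


@dataclass(frozen=True)
class Finding:
    rule_id: str
    severity: float
    path: str
    line: int
    message: str


def _rule_index(run):
    """Map ruleId -> rule object from the run's tool.driver.rules array."""
    rules = run.get("tool", {}).get("driver", {}).get("rules", [])
    return {r.get("id"): r for r in rules}


def _severity(result, rule):
    """Prefer the rule's security-severity (CodeQL convention), else the level."""
    props = rule.get("properties", {}) if rule else {}
    raw = props.get("security-severity")
    if raw is not None:
        try:
            return float(raw)
        except ValueError:
            pass  # malformed property: fall through to the level mapping
    default_level = (rule or {}).get("defaultConfiguration", {}).get("level", "warning")
    level = result.get("level") or default_level
    return LEVEL_SCORE.get(level, LEVEL_SCORE["warning"])


def _is_suppressed(result):
    """SARIF 2.1.0: a suppression with status absent or 'accepted' hides the result."""
    return any(s.get("status", "accepted") == "accepted"
               for s in result.get("suppressions", []))


def collect_findings(sarif):
    """Flatten every unsuppressed result across all runs into Finding records."""
    findings = []
    for run in sarif.get("runs", []):
        rules = _rule_index(run)
        for result in run.get("results", []):
            if _is_suppressed(result):
                continue
            rule_id = result.get("ruleId", "unknown")
            loc = (result.get("locations") or [{}])[0].get("physicalLocation", {})
            path = loc.get("artifactLocation", {}).get("uri", "<unknown>")
            line = loc.get("region", {}).get("startLine", 0)
            message = result.get("message", {}).get("text", "")
            findings.append(Finding(rule_id, _severity(result, rules.get(rule_id)),
                                    path, line, message))
    return findings


def gate(sarif, threshold=7.0, exemptions=frozenset()):
    """Return the findings that block the build: severity >= threshold, not exempted."""
    return [f for f in collect_findings(sarif)
            if f.severity >= threshold and (f.rule_id, f.path) not in exemptions]


# Constructed sample SARIF document standing in for a real scanner's output.
SAMPLE_SARIF = {
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "example-sast", "rules": [
            {"id": "py/sql-injection", "properties": {"security-severity": "8.8"}},
            {"id": "py/clear-text-logging", "properties": {"security-severity": "7.5"}},
            {"id": "py/weak-hash", "defaultConfiguration": {"level": "warning"}},
            {"id": "py/path-injection", "properties": {"security-severity": "7.5"}},
        ]}},
        "results": [
            {"ruleId": "py/sql-injection", "level": "error",
             "message": {"text": "Query built from user input"},
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/db.py"},
                                                 "region": {"startLine": 42}}}]},
            {"ruleId": "py/clear-text-logging", "level": "error",
             "message": {"text": "Sensitive value logged"},
             "suppressions": [{"kind": "inSource", "status": "accepted"}],
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/auth.py"},
                                                 "region": {"startLine": 17}}}]},
            {"ruleId": "py/weak-hash",
             "message": {"text": "MD5 used for checksum"},
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/util.py"},
                                                 "region": {"startLine": 9}}}]},
            {"ruleId": "py/path-injection", "level": "error",
             "message": {"text": "Path built from user input"},
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/fixtures.py"},
                                                 "region": {"startLine": 3}}}]},
        ],
    }],
}

# Hypothetical risk-accepted exemptions: (ruleId, path) pairs a reviewer signed off on.
EXEMPTIONS = frozenset({("py/path-injection", "tests/fixtures.py")})


def main(path=None):
    """Run the gate on a SARIF file (or the sample) and return the CI exit code."""
    if path:
        with open(path, encoding="utf-8") as fh:
            sarif = json.load(fh)
    else:
        sarif = SAMPLE_SARIF
    blocked = gate(sarif, threshold=7.0, exemptions=EXEMPTIONS)
    for f in blocked:
        print(f"BLOCK {f.rule_id} sev={f.severity} {f.path}:{f.line} {f.message}")
    return 1 if blocked else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1] if len(sys.argv) > 1 else None))
```

Run it with a scanner's SARIF file as the argument (or with no argument to use the embedded sample) as the last step of a pipeline stage; the non-zero exit code is what turns a scan into a gate. Keeping the exemption list in the repository next to this script, rather than in the scanner's UI, is what makes the risk acceptance reviewable in the same pull-request flow the developers already use.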

Security Testing Tools

• SAST

• DAST

• SCA

• Static Analysis

• Dynamic Testing

• Software Composition Analysis

• Vulnerability Management

Governance & Metrics

• Security Metrics

• KPIs

• Dashboards

• Compliance Reporting

• Risk Management

• Risk Register

• Governance

• Security Controls

Collaboration

• Cross-Functional Leadership

• Stakeholder Management

• Program Management

• Change Management

• Community of Practice (CoP)

• Security Champion Program

________________________________________

2. Tools That Should Appear on Resume

Look for at least some of these:

SAST

• Checkmarx

• Veracode

• Fortify

• SonarQube

• Coverity

DAST

• Burp Suite

• AppScan

• WebInspect

SCA

• Black Duck

• Snyk

• Mend (WhiteSource)

CI/CD

• Jenkins

• GitHub Actions

• GitLab CI/CD

• Azure DevOps

Dashboards

• Power BI

• Grafana

• Splunk

Collaboration

• ServiceNow

• Confluence

• Jira

• Microsoft Teams

________________________________________

3. High-Value Phrases

These are the phrases that should immediately catch your attention:

• "Built Security Champion Program"

• "Led Application Security Community of Practice"

• "Coached development teams on secure coding"

• "Conducted threat modeling sessions"

• "Integrated security controls into CI/CD pipelines"

• "Established AppSec KPIs and dashboards"

• "Drove security adoption across engineering teams"

• "Partnered with application owners to remediate vulnerabilities"

• "Performed secure code reviews"

• "Developed AppSec training curriculum"

• "Enabled security adoption across multiple business units"

• "Acted as liaison between development and security teams"

________________________________________


4. Red Flags (Reject or Lower Priority)

Pure Infrastructure Security

Resume focused mainly on:

  • Firewalls
  • Network Security
  • VPN
  • IDS/IPS
  • SOC Operations

Not a fit.

Pure Vulnerability Management

Only:

  • Nessus scans
  • Patch management
  • Server vulnerability remediation

Not enough AppSec depth.

Pure Penetration Tester

Only:

  • Ethical hacking
  • Red teaming
  • Bug bounty

May lack program leadership and developer enablement.

Pure DevOps Engineer

Only:

  • Kubernetes
  • Terraform
  • AWS deployment

Need AppSec ownership and security leadership.


5. Certifications to Prioritize

Strong:

  • CSSLP
  • CISSP
  • CRISC

Good:

  • GWAPT
  • GWEB
  • CASE
  • Security+

Nice to Have:

  • Scrum Master
  • SAFe
  • PMP
