We are partnered with a global financial services firm that is going through a large-scale transformation, which has created the need for an experienced Application Security Engineer to join the firm. The successful Application Security Engineer will focus on both enhancing developer experience and implementing best practices for securing applications.
What does the role involve?
- Security Interface: Act as a bridge between development teams and information security, addressing and resolving security challenges faced during the development lifecycle.
- Collaborative Development: Work closely with developers and team leaders to enhance security across applications and improve the overall security posture.
- Lead Security Solutions: Spearhead the integration and management of tools like Trufflehog, Contrast Security, Panoptica, and GitLab, ensuring the proper security measures are in place.
- Lifecycle Security Integration: Partner with developers to ensure that security practices are embedded at every stage of the software development cycle.
- Compliance & Frameworks: Build and enforce frameworks to ensure security best practices are adhered to, including but not limited to SBOM, fuzz testing, and code coverage.
- Monitoring & Data Logging: Lead the implementation of logging and monitoring systems, using tools like Sumo Logic and Datadog to keep a constant check on application security.
- Open Source Oversight: Oversee open-source security practices, managing policies and conducting infosec reviews to mitigate potential risks.
- Incident Management: Play an active role in identifying, containing, and mitigating security incidents in a timely manner.
- Regulatory Compliance: Ensure the company remains compliant with relevant laws and regulations like GDPR and DORA.
What Skills Are We Looking For?
- Education: A degree in Information Security, Computer Science, or a related field, or comparable professional experience.
- Experience: At least five years in the application security domain, with a focus on ensuring developer-centric security practices.
- Certifications: Required security certifications such as Security+ or CCSP, with additional certifications being a plus.
- Cloud Experience: Must hold one cloud certification (e.g., Azure Architect, AWS DevOps Engineer).
- Security Framework Experience: Proven experience implementing security tools in complex environments.
- Development Skills: Fluency in at least one of these programming languages: Python, Java, .NET, or JavaScript.
- Cloud & Kubernetes: Experience with cloud environments (Azure, AWS) and containerization tools like Kubernetes (K8s).