Direct End-client Req. ::: Need for Certified Sr. Application Security Engineer - Lev.3, New York, NY - 100% On-site at New York, New York, USA
Email: [email protected]
Hello Associates,

Position: Certified Senior Application Security Engineer Lev.3

Work Location: 100% On-site

Duration: 12 months

Rate: Quote your best

Resource MUST provide Three (3) Professional References; Work Authorization & Valid Photo ID (no exceptions on this).

Local or Nearby Consultants will be given Highest Preference.

Tasks and Responsibilities:

Perform comprehensive cybersecurity risk analysis, identifying and prioritizing risks specifically related to application security.

Develop, socialize, and implement security strategies to address vulnerabilities in web applications, microservices, APIs, and mobile applications.

Track and manage progress against security plans, ensuring timely remediation of identified vulnerabilities.

Lead the security implementation in application development projects, ensuring "secure by design" practices.

Create and maintain architecture diagrams, outlining secure communication flows, and develop both high-level and low-level security design documents.

Troubleshoot and resolve application security issues in collaboration with internal teams and external vendors.

Translate application compliance requirements into specific security controls, recommending compensating measures where appropriate.

Regularly report on the organization's security posture, with a focus on application vulnerabilities, to senior management.

Perform/coordinate application vulnerability assessments and ensure timely remediation in collaboration with the Development, IT, and Systems teams.

Implement secure coding practices, perform static and dynamic application security testing (SAST/DAST), and support developers with secure code reviews.

Monitor security incidents and respond to application-level threats, ensuring quick resolution of potential vulnerabilities.

Establish and enforce secure configurations for applications and their underlying infrastructure, such as databases and APIs.

Perform threat simulations to detect risks and recommend improvements for securing application designs, API security, identity management, and access control measures.

Collaborate with teams to ensure continuous integration and continuous deployment (CI/CD) pipelines incorporate security controls.

Must Have Skills:

Minimum 12+ years of experience in application security, with conducting vulnerability assessments, penetration testing, and secure code reviews.

Extensive experience in Secure Application Development, including security frameworks like OWASP Top 10, and able to guide development teams in implementing secure coding practices.

Proficiency in Software Composition Analysis (SCA) tools (e.g., Veracode, AppSec) for identifying and managing vulnerabilities in Open-source libraries and 3rd party components.

Advanced knowledge of static and dynamic application security testing (SAST/DAST) tools (e.g., Veracode, AppSec, Burp Suite) and integrating them into CI/CD pipelines for automated security checks.

Cloud security expertise, including securing applications and workloads on AWS, Azure, or GCP, and experience with Web Application Firewalls (WAF) and cloud-native security services.

Knowledge of compliance standards like NIST, PCI-DSS, and GDPR and how they apply to application security.

Advanced cloud security experience like securing cloud environments (AWS, Azure, GCP) with tools like WAF and implementing IAM, encryption, monitoring etc.

Experience with scripting and automation using Python, Bash, or Power.

Strong communication skills with Ability to effectively explain complex security concepts and risks to both technical and non-technical stakeholders.

Highly organized with excellent analytical, problem solving and decision-making skills.

One more required Certifications:

Certified Information Systems Security Professional (CISSP),

Certified Ethical Hacker (CEH),

Certified Cloud Security Professional (CCSP),

GIAC Web Application Penetration Tester (GWAPT).

Thanks,

Ram M.

Global IT Solutions USI Inc.

Phone:   (718) 676-9625 Ext. 205

Mobile: (847) 769-0850

Fax   :   (718) 377-2527

E-mail: [email protected]

http://www.gitsus.com

An E-Verify Company

Certified Minority-owned Business Enterprise (MBE) New York City (NYC), New York State (NYS) and The Port Authority of New York & New Jersey (PANYNJ)

Note: We respect your online privacy. This is not an unsolicited e-mail. If you are not interested in receiving our e-mails then please reply with a "REMOVE" in the subject line. All removal requests will be honored ASAP. We sincerely apologize for any inconvenience caused to you.

08:50 PM 27-Feb-25

