NYC Agency New York (Remote)
24 Months 24 Months Duration 35 Hours per Week
Job Description:
· Perform application security services including risk assessments, architecture reviews, and code review for internal and third-party applications
· Coordinate with developers, project teams, and third-party vendors to assess and guide secure software development and integration
· Provide consultative guidance during design, development, and deployment phase of new solutions
· Review threat models, validate security controls, and ensure alignment with security policies
· Review and interpret security testing reports and vulnerability findings, and assist with risk remediation strategies
· Contribute improvements in existing AppSec process, workflows, and documentation
· Participate in defining and expanding secure software development lifecycle practices across the organization
· Support the development and refinement of policy and governance documents related to software security
· Track and report on security metrics, status of findings, and overall risk trends
· Support management of tools, resources, and schedules for security testing
Requirements:
· At least 8 years of hands-on experience in application security, secure software development, or security consulting
· Experience conducting security reviews (code, design threat modeling, architecture) for modern applications (web, mobile, cloud-native)
· Strong knowledge of secure development practices, OWASP Top 10, and relevant standards
· Ability to communicate technical risks and recommendations clearly to technical and non-technical audiences
· Familiarity with tools used in code analysis, vulnerability scanning, and security testing
· Experience working cross-functionally with developers, engineers, and product teams
· Experience working within or alongside DevOps/CI-CD environments
· Familiarity with container security, API security, and cloud-native application architectures (AWS, Azure, GCP)
· Experience supporting security governance or policy development
· Experience with risk exception processes or helping define security risk tolerances
· Experience in large, complex organizations or government/public sector environment
· Experience with third-party risk assessments, vendor management, or SaaS reviews