Senior Application Security Engineer in New York

Energy Jobline
New York, United States of America
yesterday

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior

Job location

New York, United States of America

Tech stack

ASP.NET
Java
.NET
Artificial Intelligence
Amazon Web Services (AWS)
Azure
Burp Suite
C Sharp (Programming Language)
Static Program Analysis
Java Development Kit
Maven
Open Source Technology
Open Web Application Security
Systems Development Life Cycle
Secure Coding
Software Engineering
SonarQube
Software Vulnerability Management
Software Security
Checkmarx
Static Application Security Testing
Vulnerability Analysis

Job description

  • Perform manual and tool-assisted secure code reviews across Java and C#/.NET applications
  • Analyse and triage vulnerabilities in open-source libraries and frameworks (CVE analysis)
  • Assess applications against OWASP Top 10 and identify exploitable security issues
  • Provide developers with actionable remediation guidance and architectural recommendations
  • Use AI-assisted code analysis tools to accelerate vulnerability detection and validate findings
  • Support vulnerability management, risk assessments, and compensating controls such as WAF rules
  • Research emerging open-source vulnerabilities and produce mitigation guidance

Requirements

My client is seeking a Senior Security Engineer to join their Application Security practice. This role is ideal for a hands-on AppSec professional with a strong software development background and deep experience performing secure code reviews, analysing CVEs, and working with SAST and SCA tools in real production environments.

  • Hands-on experience with SAST and/or SCA tools (e.g. Checkmarx, SonarQube, Black Duck)
  • Real-world experience performing CVE analysis and exploitability triage
  • Strong Java proficiency (JDK 8-21, Spring, Maven/Gradle)
  • Ability to review and understand complex codebases written by others
  • Solid understanding of OWASP Top 10 and secure coding principles
  • 8+ years in software development, application security, or both

Skills

  • C#/.NET and ASP.NET Core experience
  • DAST tools such as Burp Suite or OWASP ZAP
  • Experience writing or validating WAF rules
  • Secure SDLC, threat modelling, or security champion programmes
  • Consulting or professional services background
  • Cloud application security experience (AWS, Azure, or GCP)
  • Certifications such as CSSLP, GWEB, GPEN, or
