Application Security Engineer

Location : Springfield, MA or Boston, MA or NYC, NY (Hybrid role and look for nearby candidates)

W2 Candidates (with minimum validity of 12 months)

Must have: Application security, Relevant security certifications, Devops, OWASP

1 Junior role

1 Senior role

Description:

Skills:

Bachelor's or master's degree in computer science, Information Security, or a related field.

Minimum of 5+ years of experience in application security, penetration testing, or secure software development.

The Ideal Qualifications

Relevant security certifications such as CEH, OSCP, or GWAPT) from an industry recognized certifier (e.g., SANS/GIAC, CompTIA, ISACA, ISC2, etc.) Strong knowledge of secure software development methodologies, including threat modeling, code reviews, and static/dynamic analysis.

Experience in integrating security into DevOps (DevSecOps) and CI/CD environments.

Strong technical knowledge of web application security, cloud security (AWS, Azure, GCP), mobile security, infrastructure as code (IaC), container security, and API security.

Familiarity with SAST, DAST, and IAST tools.

Deep understanding of common vulnerabilities (e.g., OWASP Top 10) and their mitigations.

Advanced understanding and experience with writing source code (e.g., JavaScript, Java, C/C /C , Python, etc.) and familiarity with software security frameworks (e.g., Maven, Node, Gradle, etc.).

Experience with identifying security vulnerabilities/defects in dockers, containers, and Kubernetes.

Experience with cloud deployment and automation tools (Terraform, GitHub Actions, Jenkins, AWS Cloud Formation Templates, Secrets Managers).

Knowledge of compliance and regulatory frameworks (SOC 2, etc.).