NEW JOB OPENING
APPLICATION SECURITY ENGINEER
IN New York, NY, USA!

 

Date Posted: 01/31/2025
Hiring Organization: Rose International
Position Number: 477466
Job Title: Application Security Engineer
Job Location: New York, NY, USA, 10016
Work Model: Hybrid
Shift: 9 AM to 5 PM EST (1st shift)
Employment Type: Temporary
Estimated Duration (In months): 6
Min Hourly Rate($): 70.00
Max Hourly Rate($): 80.00
Must Have Skills/Attributes: Application Security, AWS, CI/CD tools, DevOps, Software Development

 

Job Description
***Only qualified Application Security Engineer candidates located near the New York, NY/ Springfield, MA/ Boston, MA area to be considered due to the position requiring an onsite presence***



Required Education:

• Bachelor’s degree in computer science, Information Security, or a related field



Preferred Certifications:

• Relevant security certifications such as CEH, OSCP, CISSP, or GWAPT from an industry-recognized certifier (e.g., SANS/GIAC, CompTIA, ISACA, ISC2, etc.)



Required Qualifications/Skills/Experience:

• 8+ years of experience in application security, penetration testing, or secure software development



Preferred Qualifications/Skills/Experience:

• Strong knowledge of secure software development methodologies, including threat modeling, code reviews, and static/dynamic analysis.

• Strong knowledge of application security vulnerabilities and best practices (e.g., OWASP Top 10, etc.)

• Experience in integrating security into DevOps (DevSecOps) and CI/CD environments.

• Strong technical knowledge of web application security, cloud security (AWS, Azure, GCP), mobile security, infrastructure as code (IaC), containerized environments (Docker, Kubernetes), and API security.

• Hands-on experience with security tools such as SAST, DAST, SCA, IAST, and fuzzing tools.

• Deep understanding of common vulnerabilities (e.g., OWASP Top 10) and their mitigations.

• Advance understanding and experience with writing source code in at least one programming language (e.g., JavaScript, Java, C/C++/C#, Python, etc.) and familiarity with software security frameworks (e.g., Maven, Node, Gradle, etc.).

• Experience with identifying security vulnerabilities/defects in dockers, containers, and Kubernetes.

• Experience with cloud deployment and automation tools (Terraform, GitHub Actions, Jenkins, AWS Cloud Formation Templates, Secrets Managers).

• Knowledge of encryption, authentication, and access control.

• Knowledge of compliance and regulatory frameworks (SOC 2, etc.).



The client is seeking a highly skilled and experienced Application Security Engineer to join our Application Security team to take charge and advance our application security initiatives while ensuring the security and integrity of our applications. You will drive security best practices, identify vulnerabilities, and implement solutions to protect our systems and data from evolving threats. This role will require collaboration with development teams, security architects, leadership, and other stakeholders to integrate security best practices into all stages of the software development lifecycle.



Application Security Engineer Overview:

Your key responsibilities will consist of the following to ensure applications are resilient against emerging threats, reducing potential financial and reputational damage from security incidents.

• Embed security best practices into the software development lifecycle (SDLC).

• Conduct in-depth security assessments, including vulnerability scanning, and code reviews.

• Leverage automated tools and manual testing techniques to identify, risk assess and prioritize and propose mitigation strategies for identified threats and application-level vulnerabilities (e.g., OWASP Top 10, etc.) ensuring our applications meet security standards and reducing exposure to data breaches.

• Collaborate with security architects to design secure application architectures that align with industry best practices.

• Conduct detailed threat modeling to identify attack vectors and potential weaknesses.

• Partner with DevOps teams to implement security within CI/CD (continuous integration & delivery) pipelines for automated and seamless deployment of secure code.

• Develop, configure, and maintain tools for static and dynamic application security testing (SAST/DAST).

• Evaluate third-party software and APIs for security compliance

• Assist in incident response activities related to application security breaches, providing rapid identification and mitigation guidance.

• Ensure compliance with security regulations, frameworks, and industry standards such as OWASP.

• Leverage reporting tools to demonstrate the overall risk through metrics (KPIs, KRIs, OKRs) of vulnerabilities and code defects to client’s cyber assets for various team leaders and executive leadership for risk prioritization and enablement of risk-based decision-making.



Preferred Locations: New York, NY/ Springfield, MA/ Boston, MA

Industry: Insurance

Estimated Start Date: 2/18/2025
  • **Only those lawfully authorized to work in the designated country associated with the position will be considered.**

  • **Please note that all Position start dates and duration are estimates and may be reduced or lengthened based upon a client’s business needs and requirements.**


 

Benefits:
For information and details on employment benefits offered with this position, please visit here. Should you have any questions/concerns, please contact our HR Department via our secure website.

California Pay Equity:
For information and details on pay equity laws in California, please visit the State of California Department of Industrial Relations' website here.

Rose International is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex, sexual orientation, gender (expression or identity), national origin, arrest and conviction records, disability, veteran status or any other characteristic protected by law. Positions located in San Francisco and Los Angeles, California will be administered in accordance with their respective Fair Chance Ordinances.

If you need assistance in completing this application, or during any phase of the application, interview, hiring, or employment process, whether due to a disability or otherwise, please contact our HR Department.

Rose International has an official agreement (ID #132522), effective June 30, 2008, with the U.S. Department of Homeland Security, U.S. Citizenship and Immigration Services, Employment Verification Program (E-Verify). (Posting required by OCGA 13/10-91.).

 

Apply Now

Send me a reminder to complete this application

 

About Rose

  • Founded in 1993
  • Office Locations Across the U.S.
  • 150+ Clients: Corporations and Government Agencies
  • Employee Oriented Company
  • Challenging Assignments Across the U.S.
  • Continuous Professional Development

I have been very pleased with my experience with Rose International. Everyone that I encountered was very helpful and courteous.

Stephanie, Consultant

My on-boarding with Rose was outstanding. The packets of information, the process, and great attention to detail each person gave me allowed me to get started quickly.I appreciated each person's friendly and helpful attitude.

Diana, Consultant

Your team at Rose International is always very helpful and responsive.

Barbara, Consultant

Working for Rose International was the most pleasant assignment I have ever had. They were always on top of situations when necessary, and very helpful. I was very proud to be an employee of Rose International, and would recommend anyone to try to work with them.

Melvon, Consultant

Any time I did have a question and called, the phone was always answered, and my question/concern was immediately resolved.

Sally, Consultant

EMPLOYEE COMMENTS

  • We want you to work with us, but don't take our word for it. Take a look at this sampling of employee comments. They speak for themselves.