
Lead Security Engineer
Charlie Health
full-time
Posted on:
Location Type: Remote
Location: United States
Salary
💰 $180,000 - $240,000 per year
Job Level
Tech Stack
About the role
- Collaborate with product and IT engineering teams to design secure applications and features.
- Educate developers on secure coding practices and security testing.
- Serve as a subject matter expert on internal application security and SDLC controls.
- Conduct code reviews, threat models and risk assessments to identify and mitigate vulnerabilities early.
- Perform internal penetration testing and support incident response for application-level issues.
- Continuously monitor the threat landscape to proactively adjust defenses and strategies.
- Develop and implement tools and frameworks to integrate security into CI/CD pipelines.
- Work with teams to build and enforce secure SDLC controls in a fast-paced agile environment.
- Own and enhance application vulnerability management and remediation processes.
- Lead implementation of security policies, standards and remediation processes.
- Work cross-functionally to balance security risks with business objectives and product timelines.
- Participate in security incident response, forensic investigations and security incident postmortems related to applications and systems.
Requirements
- 5+ years of experience in application security, secure software development, or related roles.
- Bachelor’s degree in Computer Science or related field, or equivalent experience.
- Proficiency in secure coding practices and languages such as TypeScript, Node, Python, Java, C++ or similar.
- Ability to contribute code changes to production applications as needed, including debugging, fixing security vulnerabilities, and collaborating with engineering teams on secure feature development.
- Hands-on experience with application security tools (e.g., Burp Suite, OWASP ZAP, Fiddler).
- Deep understanding of web application vulnerabilities: XSS, CSRF, SQLi, session management, etc.
- Experience implementing security in CI/CD pipelines such as GitHub Actions and in agile development workflows.
- Familiarity with management and deployment of SAST, DAST, and SCA tooling.
- Knowledge of authentication technologies (e.g., Auth0, Okta) and how to securely integrate them with applications.
- Strong communication skills with ability to clearly articulate risk to technical and non-technical audiences.
- Please note: candidates located within a 75-minute commute of our NYC office are expected to work onsite 4 days/w
Benefits
- Comprehensive benefits to all full-time, exempt employees
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
application security, secure software development, secure coding practices, TypeScript, Node, Python, Java, C++, CI/CD pipelines, web application vulnerabilities
Soft Skills
communication skills, collaboration, risk assessment, leadership, problem-solving