Hybrid Details: Parsippany, NJ - Hybrid

Duration: 3 months to start

Job Description:
Overview:
The organization is seeking an Application Security Consultant to support and advance its enterprise application security program. This role will focus on protecting web, mobile, and cloud-native applications by embedding security throughout the development lifecycle.

You’ll work closely with engineering, cloud, and business teams to ensure security is integrated into design, development, and production—balancing risk reduction with performance and delivery timelines.

What You’ll Do:
Application Security Architecture & Engineering (30%)

• Lead secure design and implementation across web, mobile, and AWS environments. Conduct architecture reviews and integrate security controls into CI/CD pipelines, with a focus on cloud-native services (including AWS Lambda).

• Administer and optimize SAST/SCA tools (e.g., Checkmarx, Snyk). Perform vulnerability triage, guide remediation efforts, and ensure alignment with OWASP Top Ten and industry best practices prior to release.

• Manage and enhance application-layer security controls. Tune policies, improve detection capabilities, and maintain strong protection without degrading performance or user experience.

• Partner with change and release management teams to support secure deployments. Participate in go-live planning and help ensure stability and resilience from a security perspective.

• Act as a trusted security partner in project planning and architecture discussions. Provide risk-based guidance and ensure security requirements are embedded early in the development lifecycle.

• Track vulnerabilities, report on remediation progress, and support cross-functional initiatives to drive application security maturity across the organization.

• Support automation of security testing and operational processes
• Contribute to documentation and operational runbooks
• Provide guidance or support for penetration testing and secure code reviews as needed
• Assist with developer education and secure coding practices

• 3+ years of hands-on application security experience (offensive and defensive)
• Strong experience with SAST/SCA tools such as Checkmarx and Snyk
• Deep understanding of OWASP Top Ten and common web/API vulnerabilities
• Experience securing AWS environments (Lambda, API Gateway, IAM, S3)
• Familiarity with cloud security platforms (e.g., Wiz, Orca, Prisma Cloud)
• Ability to read and analyze code (JavaScript, Node.js, Java, or Python)
• Experience integrating security into CI/CD pipelines and DevSecOps environments
• Understanding of change management and production release processes
• Strong communication skills with the ability to work across technical and business teams
• Experience working in Agile environments

• Experience with application-layer protection tools (WAF, RASP, etc.)
• Exposure to threat intelligence and its application to AppSec
• Experience running security working sessions or developer enablement programs