Senior Application Security Engineer
Employvision Inc.
New York, NY, United States
Full-time
We are seeking an experienced Security Architect to collaborate with product development, management, engineering, and operational teams to design and implement robust security architectures.
This role focuses on ensuring compliance with regulations (e.g., NYC Privacy Law, HIPAA, SHIELD Act) and meeting customer requirements while maintaining operational SLAs.
Key Responsibilities include:
- Collaborate with teams to define and implement security controls, best practices, and recommendations.
- Drive the adoption of Secure Development Lifecycle (SDL) processes, integrating security tools and methodologies into CI/CD pipelines.
- Assist in threat modeling, identifying potential application threats and vulnerabilities, and recommending effective mitigation strategies.
- Guide teams in addressing vulnerabilities through static/dynamic scans and propose automation for repeatable security tasks.
- Identify and implement technical solutions and security tools to mitigate risks and enhance automation.
Requirements:
- Strong knowledge of application security principles and industry standards (e.g., OWASP, SANS, NIST).
- Deep understanding of Secure Development Lifecycle (SDL), threat modeling, and risk assessments.
- Expertise in integrating security into CI/CD pipelines, DevOps, and DevSecOps practices.
- Proficient in designing and implementing API security and access control solutions (OAuth/SAML, Web SSO, AWS IAM, Federation).
- Ability to work independently and collaboratively in a fast-paced, agile environment focused on team success.
Qualifications:
- 3+ years of experience with security tools such as SD Elements, Veracode, Tenable, or Rapid7.
- Experience with ServiceNow integration for issue tracking is a plus.
- 10+ years of experience in Information Technology.
- 5+ years of experience in Application Development.
- 7+ years of experience in Security Engineering.
- Bachelor’s degree in Information Security/Systems or equivalent experience.
- CISSP/CCSP certification is preferred.
2 days ago