Applications Security Consultant
Software Guidance & Assistance, Inc. (SGA, Inc.) · Parsippany, NJ · 3 wk ago
HybridOTHRFull-time
Responsibilities
- Lead application security design and implementation across web, mobile, and AWS cloud-native services, including secure architecture reviews, AWS Lambda and runtime resource protection, and integration of security controls into CI/CD pipelines.
- Administer and optimize static code scanning solutions such as Checkmarx, conduct vulnerability triage and remediation guidance aligned with OWASP Top Ten and broader application security risks, and validate security readiness prior to production release.
- Manage and enhance application-layer protection technologies, including policy tuning, configuration updates, and detection improvements, ensuring protections remain effective without impacting performance or customer experience.
- Coincide closely with change and release management to align security controls with production deployment schedules, participate in go-live planning, and act in a Site Reliability Engineering capacity to ensure secure and stable releases.
- Represent the application security team in project planning and architectural discussions, provide risk-based security analysis, and ensure cybersecurity requirements are embedded into design, development, and delivery decisions.
- Provide structure and security reporting, track remediation efforts, and support cross-functional project management activities to ensure application security initiatives are delivered on time and aligned with business objectives.
- Devise methods to automate security testing activities or streamline operational processes, where applicable.
- Improve and document operational and troubleshooting procedures to support long-term maintainability.
- Perform or support activities such as penetration testing, secure code reviews, or developer training when specialized coverage is needed, but not as a primary responsibility.
Requirements
- 3+ years of offense and defense application security experience with demonstrated hands-on expertise in SAST and SCA tools such as Checkmarx and SNYK, including findings triage, ruleset tuning, and managing vulnerability lifecycle across enterprise environments.
- A strong understanding of OWASP Top Ten and broader web and API vulnerabilities, including practical remediation techniques within enterprise environments.
- Hands-on experience securing AWS cloud environments, including Lambda, API Gateway, IAM, and S3, with experience operating cloud-native security platforms such as Orca Security, Wiz, or Prisma Cloud to surface and remediate risk across workloads and infrastructure.
- Ability to read and reason about code in languages such as Node.js, JavaScript, Java, or Python. Ability to sufficiently perform meaningful secure code review, validate SAST/SCA findings, and collaborate credibly with engineering teams on remediation.
- Experience working with change management and release governance processes within production environments.
- Strong project management and communication skills with the ability to represent cybersecurity requirements across technical and business stakeholders.
- Solid understanding of agile methodologies, DevSecOps practices, and CI/CD pipeline integration.
- Familiarity with security threat intelligence sources and how they inform application-layer defenses.
- Experience partnering with development teams to drive security remediation by running working sessions, building runbooks, and supporting secure coding adoption through a developer-first engagement model.