Application Security Engineer
About the Role
Overview

Location: Hybrid – Brooklyn, NY
Salary: $125,000 - $140,000

We are seeking an Application Security Engineer who will support our client with ensuring security is integrated into all stages of software development. This role will be responsible for designing and building secure applications while working closely with application administrators who manage security tools and CI/CD pipelines. The ideal candidate for this role will have strong application development experience with a demonstrated understanding of web and mobile application architecture and security protocols.

Duties

- Establish and apply secure coding practices within the development team.
- Define and enforce secure coding standards for Java, .NET, Python, and JavaScript applications.
- Conduct secure design and architecture reviews for new and legacy systems.
- Educate developers on secure coding practices, authentication/authorization best practices, and common application vulnerabilities.
- Apply protections aligned with:
  - OWASP Top 10
  - OWASP API Security Top 10
- Design and implement secure REST APIs and web services.
- Implement secure authentication/authorization using:
  - SAML2
  - OIDC
  - OAuth2
- Secure Java and JavaScript applications, including:
  - Spring Boot
  - React
- Ensure secure handling of tokens, sessions, and secrets.
- Collaborate with App Admins and the Security team to integrate applications into WAFs, load balancers, and other security monitoring tools.

Mandatory Qualifications

- Associate's degree or combination of experience and education.
- 4+ years of experience in secure application development.
- 1+ year of hands-on software development experience.
- 4+ years demonstrating an understanding of:
  - Web and mobile application architecture
  - Internet protocols (HTTP, HTTPS, WebSockets)
  - REST API security
- Expertise in SAST, DAST, and SCA concepts (understanding results and remediation), in collaboration with App Admins.
- Familiarity with security tools such as Veracode, Burp Suite, Zimperium, Prisma, Rapid7.
- Experience applying NIST 800-53 and controls at the application design level.
- Strong analytical, troubleshooting, and problem-solving skills.
- Ability to work independently within a development-focused team.

Desirable Qualifications

- Experience with containerized applications (Docker, Kubernetes).
- Knowledge of:
  - Core Java, J2EE, Spring Boot
  - React, AngularJS, HTML5, CSS, JavaScript
- Experience designing secure GIS systems.
- Familiarity with public safety or emergency response systems.

Cloud and Things complies with all applicable federal, state, and local laws regarding recruitment and hiring. All qualified applicants are considered for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, protected veteran status, or any other category protected by applicable federal, state, or local laws.
