Randstad - New York, NY

posted 16 days ago

Full-time - Mid Level
Remote - New York, NY
Administrative and Support Services

About the position

The Application Security Engineer position is a contract-to-hire role within a growing start-up in the healthcare sector. This fully remote opportunity involves joining a dynamic security team to enhance application security practices, conduct vulnerability assessments, and collaborate with development teams to ensure secure coding practices. The role emphasizes the importance of embedding security into the software development lifecycle (SDLC) and maintaining compliance with relevant security standards.

Responsibilities

  • Perform security assessments of web-based applications to identify vulnerabilities such as SQL injection, XSS, and CSRF.
  • Conduct secure code reviews and collaborate with developers to remediate security flaws.
  • Utilize security tools like SAST, DAST, SCA, and open-source tools to identify security issues.
  • Review and recommend enhancements for the SDLC process, providing structure for design phase reviews.
  • Create threat models for new features and applications to identify security risks during the design phase.
  • Collaborate with development teams, DevOps, and other stakeholders to embed security into the SDLC.
  • Assist in delivering security awareness training and workshops to development teams.
  • Maintain and contribute to security documentation, including policies, procedures, and guidelines, and generate regular reports on application security status.
  • Ensure applications comply with security standards and regulations, such as HIPAA.

Requirements

  • Proficient in languages and technologies such as React, Python, and PostgreSQL.
  • Proven experience in application security, including vulnerability assessments, design reviews, and threat modeling.
  • Strong understanding of web application architectures and common application security vulnerabilities.
  • Knowledge of application security frameworks, such as OWASP Top 10.
  • Familiarity with AWS or other cloud service providers.
  • Experience with modern container technologies and container security best practices.

Nice-to-haves

  • Relevant certifications such as CISSP, CEH, or CSSLP.

Benefits

  • Comprehensive benefits package including health insurance, an incentive and recognition program, and 401K contribution.