The Application Security Engineer ensures security in software development, focusing on secure coding practices, securing applications, and enabling secure, compliant software for various systems.
Job Title: Application Security Engineer
Location: Brooklyn NY 11201 (The position will be 3-day onsite hybrid)
Duration: 12 months+
Years of Experience: 10+ Years
Required Hours/Week: 35Hours/Week
Note:
- local candidates only & F2F Interview
Job Overview:
- The Application Security Engineer is embedded within the Application Development team and ensures security is integrated into all stages of software development. The role focuses on designing and building secure applications while working closely with application administrators who manage security tools and CI/CD pipelines.
- This position is responsible for enabling developers to produce secure, resilient, and compliant software for web, mobile, API, GIS, and cloud-based systems supporting Fire, EMS, and administrative operations.
Responsibilities:
1. Secure Software Development
- Establish and apply secure coding practices within the development team.
- Define and enforce secure coding standards for Java, .NET, Python, and JavaScript applications.
- Conduct secure design and architecture reviews for new and legacy systems.
- Educate developers on secure coding practices, authentication/authorization best practices, and common application vulnerabilities.
Apply protections aligned with:
o OWASP Top 10
o OWASP API Security Top 10
2. Application & API Security
- Design and implement secure REST APIs and web services.
Implement secure authentication/authorization using:
o SAML2
o OIDC
o OAuth2
Secure Java and JavaScript applications, including:
o Spring Boot
o React
- Ensure secure handling of tokens, sessions, and secrets.
- Collaborate with App Admins and Security team to integrate applications into WAFs, load balancers, and other security monitoring tools.
Mandatory Qualifications:
- Minimum 4+ years in secure application development.
- Prior hands-on software development experience.
Strong understanding:
o Web and mobile application architecture
o Internet protocols (HTTP, HTTPS, WebSockets)
o REST API security
- Expertise in SAST, DAST, and SCA concepts (understanding results and remediation), in collaboration with App Admins.
- Familiarity with security tools such as Veracode, Burp Suite, Zimperium, Prisma, Rapid7.
- Experience applying NIST 800-53 and 800-171 controls at the application design level.
- Strong analytical, troubleshooting, and problem-solving skills.
- Ability to work independently within a development-focused team.
Preferred Qualifications:
- Experience with containerized applications (Docker, Kubernetes).
Knowledge:
o Core Java, J2EE, Spring Boot
o React, AngularJS, HTML5, CSS, JavaScript
- Experience designing secure GIS systems.
- Familiarity with public safety or emergency response systems.
Peer Consulting Resources Inc. Princeton, New Jersey, USA Office
20 Jefferson Plaza, Princeton, NJ, United States, 08540
Similar Jobs
Artificial Intelligence • Information Technology • Software
As an Application Security Engineer, you will conduct security reviews, assess product architecture, identify vulnerabilities, and implement strategic security initiatives across Palantir's products.
Top Skills:
CodeqlGoJavaJavaScriptPython
Software
The Application Security Engineer integrates security into software development by establishing secure coding practices and collaborating on secure application architecture across various platforms.
Top Skills:
.NetBurp SuiteDockerJavaJavaScriptKubernetesOauth2OidcPrismaPythonRapid7ReactSaml2Spring BootVeracodeZimperium
Software
The Application Security Engineer integrates security into software development, establishing secure coding practices and protecting applications across various platforms and systems.
Top Skills:
.NetBurp SuiteDockerJavaJavaScriptKubernetesNist 800-171Nist 800-53Oauth2OidcPrismaPythonRapid7ReactSaml2Spring BootVeracodeZimperium
What you need to know about the NYC Tech Scene
As the undisputed financial capital of the world, New York City is an epicenter of startup funding activity. The city has a thriving fintech scene and is a major player in verticals ranging from AI to biotech, cybersecurity and digital media. It also has universities like NYU, Columbia and Cornell Tech attracting students and researchers from across the globe, providing the ecosystem with a constant influx of world-class talent. And its East Coast location and three international airports make it a perfect spot for European companies establishing a foothold in the United States.
Key Facts About NYC Tech
- Number of Tech Workers: 549,200; 6% of overall workforce (2024 CompTIA survey)
- Major Tech Employers: Capgemini, Bloomberg, IBM, Spotify
- Key Industries: Artificial intelligence, Fintech
- Funding Landscape: $25.5 billion in venture capital funding in 2024 (Pitchbook)
- Notable Investors: Greycroft, Thrive Capital, Union Square Ventures, FirstMark Capital, Tiger Global Management, Tribeca Venture Partners, Insight Partners, Two Sigma Ventures
- Research Centers and Universities: Columbia University, New York University, Fordham University, CUNY, AI Now Institute, Flatiron Institute, C.N. Yang Institute for Theoretical Physics, NASA Space Radiation Laboratory
