Application Security Engineer

Our goal is to solve problems and deliver results for our clients. At Cloud and Things, you can be a part of transforming the public sector’s IT environment. Our team is on the forefront of helping to solve the government''s most complex IT challenges. If you are seeking a role that offers the opportunity to work on rewarding projects, consider a career with Cloud and Things.  

*This is an exempt position. Salary commensurate with experience*

Overview:
Location: Hybrid – Brooklyn, NY
Salary: $125,000 - $140,000

We are seeking an Application Security Engineer who will support our client with ensuring security is integrated into all stages of software development. This role will be responsible for designing and building secure applications while working closely with application administrators who manage security tools and CI/CD pipelines. The ideal candidate for this role will have strong application development experience with a demonstrated understanding of web and mobile application architecture and security protocols.

Duties:

• Establish and apply secure coding practices within the development team.
• Define and enforce secure coding standards for Java, .NET, Python, and JavaScript applications.
• Conduct secure design and architecture reviews for new and legacy systems.
• Educate developers on secure coding practices, authentication/authorization best practices, and common application vulnerabilities.
• Apply protections aligned with:
  • OWASP Top 10
  • OWASP API Security Top 10
• Design and implement secure REST APIs and web services.
• Implement secure authentication/authorization using:
  • SAML2
  • OIDC
  • OAuth2
• Secure Java and JavaScript applications, including:
  • Spring Boot
  • React
• Ensure secure handling of tokens, sessions, and secrets.
• Collaborate with App Admins and Security team to integrate applications into WAFs, load balancers, and other security monitoring tools

• Associates Degree or combination of experience and education.
• 4+ years of experience in secure application development.
• 1+ year of experience with hands-on software development experience.
• 4+ years demonstrating an understanding of:
  • Web and mobile application architecture
  • Internet protocols (HTTP, HTTPS, WebSockets)
  • REST API security
• Expertise in SAST, DAST, and SCA concepts (understanding results and remediation), in collaboration with App Admins.
• Familiarity with security tools such as Veracode, Burp Suite, Zimperium, Prisma, Rapid7.
• Experience applying NIST 800-53 and 800-171 controls at the application design level.
• Strong analytical, troubleshooting, and problem-solving skills.
• Ability to work independently within a development-focused team.

• Experience with containerized applications (Docker, Kubernetes).
• Knowledge of:
  • Core Java, J2EE, Spring Boot
  • React, AngularJS, HTML5, CSS, JavaScript
• Experience designing secure GIS systems.
• Familiarity with public safety or emergency response systems.

• Analyzing resumes against job requirements
• Supporting our recruiters in candidate data evaluation
• Ensuring consistent review standards across all applications

• Your information is processed securely and used exclusively for recruitment purposes
• Cloud and Things may store your resume in our Applicant Tracking System (ATS) indefinitely for future job matching opportunities
  • You may opt out of long-term ATS storage by emailing your name  and your request to opt out of storing your resume in the ATS to: security@cloudandthings.com
• All personal information is handled confidentially in accordance with our privacy policy

• AI processing data is retained for a maximum of 90 days, after which it is deleted
• All data sent to AI tools is encrypted in transit and at rest
• AI tools comply with applicable privacy laws including GDPR and CCPA
• Personal data is anonymized or minimized wherever possible during AI processing

Your Participation
By submitting your application, you acknowledge this notice and consent to AI-assisted evaluation as part of our recruitment process. You may opt out only by choosing not to submit your resume for consideration.