Job Description
Software Guidance & Assistance, Inc. (SGA) is searching for an Application Security Engineer for a FULL TIME assignment with one of our premier Investment Banking clients in New York, NY.
SGA is a technology and resource solutions provider driven to stand out. We are a women-owned business. Our mission: to solve big IT problems with a more personal, boutique approach. Each year, we match consultants like you to more than 1,000 engagements. When we say let's work better together, we mean it. You'll join a diverse team built on these core values: customer service, employee development, and quality and integrity in everything we do. Be yourself, love what you do and find your passion at work. Please find us at .
EEO Employer: Race, Color, Sex, Sexual Orientation, Gender Identity, Religion, National Origin, Disability, Veteran Status, Age, Marital Status, Pregnancy, Genetic Information, or Other Legally Protected Status.
Responsibilities:
- Work closely with others in IT to develop a secure SDLC with gating functions for application source code and IaC.
- Define metrics and reporting on application security policies and processes and track adherence.
- Proactively research and identify application security vulnerabilities and provide recommended countermeasures.
- Work with application development teams to design applications that are inherently secure.
- Automate AppSecOps security testing processes, including SAST, DAST and IAST as appropriate.
- Perform code deep dives to uncover security vulnerabilities or design flaws.
- Provide subject matter expertise in application code and IaC security best practices.
- Support and consult with development teams in application security, including threat modeling and code reviews.
- Advocate and champion ShiftLeft security initiatives and processes.
- Contribute to raising the security awareness of team members through instruction and hands-on training.
- Have general awareness of industry data privacy standards across cloud providers and vendor product liabilities.
- Work as an active participant in an Agile development environment; attend daily standups, sprint planning and retrospectives.
Required Skills:
- Bachelor's degree in Computer Science or related field (or equivalent experience)
- 4 or more years of IT DevSecOps/AppSecOps experience.
- Proficiency in one or more programming languages (Python, Java, C++ etc.)
- Understanding of CWE 25 and OWASP Top 10, with experience in implementing remediation strategies.
- Experience in application security and threat modeling.
- Familiarity with application security control frameworks and their current usage in applications (e.g., Authentication, Cryptography and Data Protection, Authorization, Web Access Firewall etc.).
- Excellent understanding of application security testing automation including SAST, DAST and IAST.
- Knowledge of web application technologies and layer 7 protocols like HTTP, FTP, DHCP etc.
- Knowledge of exploit development and vulnerability research and reporting.
- Knowledge of mobile app code security testing.
- Experience in AWS technologies is a strong plus.
- Exposure to Python, NGINX, Gunicorn and ReactJS is a plus.
- Experience working with code management tools such as GitHub.
- Must have the ability to work in a dynamic, fast-paced environment.
- Strong communication skills with ability to interact with stakeholders at various levels.
- Strong problem solving and analytical skills