Application Security Consultant (Appsec, Pen test, Secure Code Review)

Job Title:      Application Security Engineer

Duration:     Till Nov 2026 with extension possible

Location:      Charlotte, NC (Hybrid model - 3 days a week)

Interview:    Video conference interview – 3 phases (Panel, Tech Test on your own time &

Final); provide location and best time to interview – video-onscreen.

Requirement Notes:

·       Senior Analyst Cyber Security, Penetration Testing, and Secure Code Review

·       Outstanding problem-solving and troubleshooting skills with a strong attention to detail and standards;

·       Perform penetration testing against products and systems, including web applications, web services, and mobile devices; Vulnerability triage

·       Experience with secure code review.

Application Security Engineer – Charlotte, NC 

·       Client is a leading automotive financial services company powered by a top direct banking franchise. Client''s automotive services business offers a full suite of financing products and services, including new and used vehicle inventory and consumer financing, leasing, inventory insurance, commercial loans and vehicle remarketing services.

Responsibilities:

·       Perform penetration testing against products and systems, including web applications, web services, and mobile devices.

·       Collaborate with stakeholders to develop remediation strategies.

·       Assist with delivery of secure development training.

·       Demonstrating practical/working exploitation of security flaws.

·       Develop and enhance process to automate the delivery of application security metrics.

·       Review SAST/DAST/IAST output for false positives. Assist development with remediation.

·       Serve as an application security subject matter expert for projects.

·       Participate in threat modeling exercises.

·       Effectively communicate vulnerability details, risks, and potential impacts to, application owners, developers, stakeholders, and partners. 

·       Act as a mentor for junior team members/interns.

·       Design, implement, and support security-focused tools and services.

·       Develop low-level tools that improve security testing, reporting, and monitoring.

 Principal Expectations:

·       7+ years of experience in manual penetration testing of web and mobile applications.

·       Identify, research, and evaluate current vulnerabilities, provide remediation and configuration guidance. Collaborate with stakeholders to develop remediation strategies.

·       Ability to interact with company personnel at all levels and across all business units to comprehend business imperatives. A strong customer/client focus, with the ability to manage expectations appropriately, to provide a superior customer/client experience and build long-term relationships.

·       Competent to work independently at an advanced technical level.

·       Produce well-written, detailed reports that describe vulnerabilities/risks and that provide specific remediation guidance.

Required Skills

·       Proven work experience in manual secure code review.

·       Experience working with GitLab Ultimate CI/CD technology, shift-left tools, and application security workflows.

·       GPEN, OSCP, CISSP, GWAPT, CEH, or similar certifications.

·       Desired scripting experience: One or more of Python, JavaScript, PowerShell, shell script, Ruby, PHP, LUA etc.

·       Bachelor’s degree in Information Technology or Computer Science, or equivalent experience.

·       Inherent passion for information security and service excellence.

·       The ability to adapt to new situations and the desire to learn and stay current with AppSec trends, threats, and risks.