Application Security Engineer

Overview

On Site
76.38/hr - 86.06/hr
Full Time

Skills

Financial Services
Finance
Military
DevSecOps
Programming Languages
.NET
C#
Java
Rust
C++
Scripting
Python
Windows PowerShell
Continuous Integration
Continuous Delivery
GitHub
Jenkins
Apache Maven
Software Development
OWASP
Documentation
JIRA
Confluence
Problem Solving
Conflict Resolution
Analytical Skill
CISSP
CISM
Certified Ethical Hacker
Bill Of Materials
Artificial Intelligence
Threat Analysis
Information Security
Evaluation
FOCUS
Operations Management
ServiceNow
DevOps
SCA
Security Architecture
Vulnerability Management
Workflow
Training
Security Analysis
Research
Software Security
Regulatory Compliance
Auditing
System On A Chip
PCI DSS
Collaboration
Open Source
Management

Job Details

Outstanding long-term contract opportunity! A well-known Financial Services Company is looking for an Information Security Engineer in Iselin, NJ (Hybrid).

Work with the brightest minds at one of the largest financial institutions in the world. This is a long-term contract opportunity that includes a competitive benefit package! Our client has been around for over 150 years and is continuously innovating in today's digital age. If you want to work for a company that is not only a household name, but also truly cares about satisfying customers' financial needs and helping people succeed financially, apply today.

Contract Duration: 3 Months

Required Skills & Experience
  • 5+ years of Information Security Engineering experience, or equivalent demonstrated through one or a combination of the following: work or consulting experience, training, military experience, education.
  • 7+ years of experience as an Application Security and DevSecOps engineer, collaborating with developers to adopt and mature secure development
  • Solid background in software development, with experience in one or more programming languages: .NET C#, Java, Rust, C++
  • Ability to write automation scripts in Python, PowerShell to support internal projects
  • Experience with CI/CD pipelines and related technologies (e.g., GitHub, Jenkins, Maven, Artifactory, Harness, Xray, Curation)
  • Good understanding of the secure software development lifecycle
  • Strong knowledge of OWASP Top 10 or CWE
  • Detail-oriented; must be able to create documentation on different SCA procedures and tool configuration.
  • Experience with Jira/Confluence
  • Strong problem-solving and analytical skills
  • Certification in information security (CISSP, CISM, CEH, etc.)
  • Experience with container security, working with technologies like k8s and container technologies such as OpenShift
  • Experience generating Software Bills of Materials (SBOMs) using CycloneDX or SPDX, and managing or utilizing Dependency-Track
Desired Skills & Experience
  • Familiarity and experience with AI tools supporting false positive reduction, auto code remediation, and open source threat intelligence

What You Will Be Doing
  • Consult on complex initiatives with broad impact and large-scale planning for Information Security Engineering.
  • Review and analyze complex multi-faceted, larger scale or longer-term Information Security Engineering challenges that require in-depth evaluation of multiple factors including intangibles or unprecedented factors.
  • Contribute to the resolution of complex and multi-faceted situations requiring solid understanding of the function, policies, procedures, and compliance requirements that meet deliverables.
  • Strategically collaborate and consult with client personnel.
  • Manage security automation tools with a main focus on SCA (i.e. Checkmarx One, Black Duck) and other tools in the ecosystem, along with supporting operational management through regularly scheduled upgrades of the tools.
  • Interface with various internal teams (ServiceNow AVR, DevOps and the vulnerability operations team) to make sure SCA vulnerabilities are identified and recorded per the application security policies and guidance.
  • Collaborate with security architecture teams to design vulnerability management workflow, establish best practices and design guidance to optimize experience for developers
  • Security training and outreach as needed for internal development teams
  • Perform adversarial security analysis on various application security requirements as requested by various CIO teams; research and recommend cutting-edge tools and industry best practices.
  • Work with application security governance teams, risk & compliance partners on audits (e.g., SOC 2, PCI-DSS) and recommending relevant policies.
  • Collaborate with CTO pipeline teams to improve code quality and vulnerability detection on open source, code signing and SBOM creation
  • Analyze, enhance, architect and support container security tools and platforms
  • Design and build advanced security solutions to strengthen open source software supply chains for effective automation and management.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.

About Motion Recruitment Partners, LLC