Description
This role is the first dedicated Application Security hire on a growing security team and will build the AppSec function from the ground up. The focus is hands-on, practitioner-level application security with SAST and DAST at the core, strong API security fundamentals, and close partnership with developers.
The environment is SaaS-heavy and AWS-native with no on-prem applications. This role embeds security directly into modern development workflows, including AI-assisted coding using tools like Cursor and GitHub Copilot, ensuring secure application, API, and cloud delivery at scale.
What You'll Do (Core Responsibilities)
- Own and operate the organization's SAST and DAST programs end-to-end
- Design, deploy, tune, and mature SAST and DAST tooling across development and release pipelines
- Review application code, including AI-generated code, to identify vulnerabilities, insecure patterns, secrets exposure, and data handling risks
- Partner directly with software developers to triage findings, prioritize remediation, and validate fixes
- Act as a trusted AppSec partner to engineering, not a gatekeeper
- Perform application and API security reviews across internally developed and SaaS-integrated systems
- Evaluate authentication, authorization, transport security, rate limiting, session handling, logging, and data exposure risks
- Assess externally exposed applications and APIs for secure design and release readiness
- Support secure AWS application patterns including IAM, secrets management, logging, networking, and containerized workloads
- Help centralize and improve secrets management using AWS Secrets Manager and enterprise tooling
- Translate security requirements into practical, developer-friendly guidance
- Help govern AI-assisted development by defining guardrails for acceptable use of AI coding tools
- Review AI-enabled workflows for security risks including prompt misuse, data leakage, and insecure implementation
- Build repeatable security review criteria and documentation aligned to NIST and SOC 2 expectations
Requirements
- 5+ years of experience in Application Security, Security Engineering, DevSecOps, or secure software development
- Hands-on experience with SAST, DAST, secrets scanning, and dependency review in enterprise environments
- Strong knowledge of API security - authentication, authorization, transport security, and data handling risks
- Working knowledge of AWS security fundamentals - IAM, logging, encryption, networking, and secrets management
- Experience securing or governing AI-assisted development tools such as Cursor, GitHub Copilot, or similar
- AWS fundamentals including IAM, secrets management, logging, and networking
- Experience embedding security controls into SDLC and CI/CD pipelines
- Strong documentation skills - ability to produce defensible standards and audit-ready evidence for NIST and SOC 2
- Excellent verbal and written communication skills; ability to work effectively with developers, architects, and business stakeholders
Preferred Qualifications
- Experience with MuleSoft or SaaS integration security platforms
- Familiarity with CrowdStrike Falcon Suite, Snyk, or Veracode
- Microsoft / M365 security experience
- Exposure to FINRA, SOX, or other financial services regulatory frameworks
- DSPM familiarity
Technology Doesn't Change the World, People Do.
Robert Half is the world's first and largest specialized talent solutions firm that connects highly qualified job seekers to opportunities at great companies. We offer contract, temporary and permanent placement solutions for finance and accounting, technology, marketing and creative, legal, and administrative and customer support roles.
Robert Half works to put you in the best position to succeed. We provide access to top jobs, competitive compensation and benefits, and free online training. Stay on top of every opportunity - whenever you choose - even on the go. Download the Robert Half app and get 1-tap apply, notifications of AI-matched jobs, and much more.
All applicants applying for U.S. job openings must be legally authorized to work in the United States. Benefits are available to contract/temporary professionals, including medical, vision, dental, and life and disability insurance. Hired contract/temporary professionals are also eligible to enroll in our company 401(k) plan. Visit roberthalf.gobenefits.net for more information.
© 2025 Robert Half. An Equal Opportunity Employer. M/F/Disability/Veterans.