Application Security Specialist
Listed on 2026-06-18
-
IT/Tech
Cybersecurity, Security Management & Operations
Dev Sec Ops Engineer / Application Security Specialist
Duration: Contract-to-Hire
Join a growing Application Security team focused on embedding security throughout the software development lifecycle. This flexible hybrid opportunity supports enterprise-wide security initiatives through secure CI/CD implementation, security automation, vulnerability management, and developer enablement. The ideal candidate will bring a strong blend of hands‑on software development and Application Security experience, enabling them to work effectively with engineering teams while improving application security posture across the organization.
This role provides exposure to modern Dev Sec Ops practices, cloud security, security automation, and enterprise‑scale application security programs. You'll work across web, mobile, API, and cloud‑enabled applications while partnering closely with developers to identify vulnerabilities, drive remediation efforts, and enhance secure development practices. This is an excellent opportunity for someone looking to make a measurable impact on security operations while positioning themselves for long‑term growth through a potential contract‑to‑hire pathway.
Contract Duration: Contract-to-Hire
Required Skills & Experience- Bachelor's Degree in Computer Science, Cybersecurity, Information Security, Information Technology, Engineering, or equivalent experience
- 3–6 years of Application Security, Dev Sec Ops , Software Development, Security Testing, or Vulnerability Management experience
- Strong hands‑on Application Security experience
- Secure coding and secure SDLC expertise
- Experience supporting SAST, SCA/OSCA, and DAST programs
- API security assessment experience
- Vulnerability validation and remediation guidance experience
- Dev Sec Ops and CI/CD pipeline integration experience
- Experience working directly with software development teams
- Knowledge of REST and SOAP APIs
- Experience with Git Hub, Jira, and Jenkins
- Cloud security experience (AWS and/or Azure)
- Development or scripting experience in Java, Python, Ruby, Go, Node.js, or similar languages
- Strong communication and stakeholder engagement skills
- Experience explaining vulnerabilities, risks, and remediation strategies to technical and non‑technical audiences
- Sonatype Nexus IQ experience
- White Hat or Black Duck DAST experience
- Noname API Security experience
- Now Secure mobile security experience
- Salesforce intake workflow experience
- Docker and Kubernetes experience
- Enterprise Dev Sec Ops pipeline integration experience
- Mobile application security testing experience
- Experience supporting large enterprise Application Security programs
- Master's Degree in a related field
- Relevant certifications such as CISSP, CSSLP, GIAC, Security+, AWS Security, or Azure Security
- 40% Application Security Assessments & Vulnerability Management
- 35% Dev Sec Ops & Security Tool Integration
- 25% Developer Engagement, Remediation Support & Security Consulting
Key Responsibilities
- Support end‑to‑end Application Security services including intake, assessment scoping, and stakeholder engagement
- Conduct and support SAST, SCA, DAST, API Security, and Mobile Security assessment activities
- Validate vulnerabilities and reduce false positives
- Provide remediation guidance to development teams
- Assist with App Sec backlog reduction and vulnerability closure efforts
- Integrate security tooling into CI/CD pipelines and development workflows
- Support secure software development lifecycle initiatives
- Implement and improve security automation capabilities
- Enhance developer self‑service security capabilities
- Support cloud‑based Dev Sec Ops and application security processes
- Track and manage security findings through Jira and defect management workflows
- Create documentation and operational procedures for App Sec processes
- Partner with cybersecurity and software engineering teams to improve security posture
- Support web, mobile, API, and cloud‑enabled application security assessments
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).