RightTalents LLC

Application Security Engineer

RightTalents LLC, New York, New York, US, 10261


Title: Application Security Engineer
Client: NYC Agency
Location: Manhattan, NY - Hybrid. 3 days onsite / 2 days remote
Duration: 12 Months
Work Hours: 35 hours/week (7 hrs a day)

Job description

- Work with product development, management, engineering and operational teams to develop best-of-breed security architectures supporting compliance (e.g. NYC Privacy Law, NYC Citywide Security Policies, HIPAA, SHIELD Act), customer requirements and operational SLAs
- Provide practical guidance to engineering teams to support the implementation of security controls, guidelines, recommendations and best practices
- Develop and implement Secure Development Lifecycle (SDL) processes and (automated / DevOps) tools, with integration into CI/CD
- Assist engineering teams in performing Threat Modeling, identify application threats/vulnerabilities and recommend mitigation strategies
- Assist teams in identifying mitigation approaches for vulnerability and static/dynamic scan results
- Identify technical solutions and security tools to help mitigate security vulnerabilities and automate repeatable tasks

Experience

- Strong understanding of application security and industry standards and best practices (OWASP / SANS / NIST)
- Strong understanding of SDLC and Secure Development Lifecycle (SDL), including performing threat modeling and risk assessments
- Strong understanding of integration of security in CI/CD pipeline, DevOps, DevSecOps
- Experience designing and implementing API Security and Access Controls (OAuth/SAML, Web SSO, AWS IAM, Federation)
- Must be a self-starter and able to work well with others in a fast-paced agile environment, with an emphasis on collaborating and assisting the team to meet business objectives

Qualifications:

- 3+ years of experience in tools like SD Elements, Veracode, Tenable, Rapid7 or equivalent products
- Experience integrating tracking of issues with ServiceNow a plus
- 10 years of Information Technology experience
- 5 years of Application Development experience
- 7+ years of security engineering experience
- Bachelor's degree in information security/systems or related experience
- CISSP / CCSP certification a plus