Back to search
AGS Linkedin · Posted 27d ago

Senior Application Security Engineer

New York, United States

Linkedin
Continue to application Add your email once, then Caio opens the original posting.

Indexed description

Senior Security Engineer – Secure Code Review

📍 New York, NY

🏢 On-site | Full-Time



My client is seeking a Senior Security Engineer to join their Application Security practice. This role is ideal for a hands-on AppSec professional with a strong software development background and deep experience performing secure code reviews, analysing CVEs, and working with SAST and SCA tools in real production environments


.
Responsibiliti

  • esPerform manual and tool-assisted secure code reviews across Java and C#/.NET applicatio
  • nsAnalyse and triage vulnerabilities in open-source libraries and frameworks (CVE analysi
  • s)Assess applications against OWASP Top 10 and identify exploitable security issu
  • esProvide developers with actionable remediation guidance and architectural recommendatio
  • nsUse AI-assisted code analysis tools to accelerate vulnerability detection and validate findin
  • gsSupport vulnerability management, risk assessments, and compensating controls such as WAF rul
  • esResearch emerging open-source vulnerabilities and produce mitigation guidan


ce
Must-Have Ski

  • llsHands-on experience with SAST and/or SCA tools (e.g. Checkmarx, SonarQube, Black Du
  • ck)Real-world experience performing CVE analysis and exploitability tri
  • ageStrong Java proficiency (JDK 8–21, Spring, Maven/Grad
  • le)Ability to review and understand complex codebases written by oth
  • ersSolid understanding of OWASP Top 10 and secure coding princip
  • les8+ years in software development, application security, or b


oth
Preferred Sk

  • illsC#/.NET and ASP.NET Core experi
  • enceDAST tools such as Burp Suite or OWASP
  • ZAPExperience writing or validating WAF r
  • ulesSecure SDLC, threat modelling, or security champion progra
  • mmesConsulting or professional services backgr
  • oundCloud application security experience (AWS, Azure, or
  • GCP)Certifications such as CSSLP, GWEB, GPEN, or


OSCP
Free. 20 seconds. No password. See every match in this search.

Create a free Caio profile to unlock more results and save your role and location preferences.

Unlock free search
Want help applying to roles like this? Search Caio for free. If CV tailoring and application tracking get heavy, Full Caio Agent adds a human specialist.
View Full Agent