Talener
Linkedin · Posted 8d ago
Senior Application Security Engineer - Cloud Security
Continue to application
Add your email once, then Caio opens the original posting.
Indexed description
Position OverviewA highly regulated consumer services firm is seeking an experienced, hands-on Senior Application Security Consultant for an initial 3-month contract engagement with a strong likelihood of extension. Reporting directly to the CISO, you will step into a pivotal role managing end-to-end application and cloud security reviews for upcoming product deployments, driving critical third-party risk initiatives, and keeping the enterprise aligned with stringent financial and data privacy regulatory frameworks.
- Engagement Type: Contract (3-month initial term)
- Compensation: Up to $100/hr. (depending on experience)
- Location: Hybrid (2x on-site) Mount Laurel, NJ
- Embedded Advisory & Threat Modeling: Serve as the primary security advisor for engineering squads, conducting secure design reviews and threat modeling prior to product releases.
- Vulnerability Testing & Triage: Perform manual penetration testing of web applications and APIs (via Burp Suite Pro), triage findings with developers, and drive remediation within SLA targets.
- Pipeline Automation (CI/CD): Integrate and optimize automated security scanning gates (SAST, DAST, SCA, and secrets detection) into active developer workflows without creating delivery bottlenecks.
- Runtime Protection: Define and tune WAF and RASP policies to block live threats while ensuring zero disruption to production deployment schedules.
- Posture & Configuration Management: Oversee CSPM, configuration hardening, and architectural validation across multi-cloud environments (AWS/Azure), including containerized workloads.
- Secure Access Modernization: Partner with network infrastructure teams to drive a major enterprise SASE/SSE modernization and secure-access migration initiative.
- Operations & Incident Response: Act as the escalation point for the 24/7 MSSP, maintain incident playbooks, lead root-cause investigations, and author executive post-mortems.
- Identity & Access Governance: Optimize enterprise identity controls using advanced cloud directory services, conditional access policies, and data loss prevention (DLP) tools.
- Third-Party Risk & Assessment: Lead third-party risk evaluations for emerging tech vendors (including VoiceAI/enterprise AI) and manage the end-to-end lifecycle of external penetration testing.
- Regulatory Alignment: Drive control-gap remediation and evidence collection to maintain alignment with NYDFS 23 NYCRR Part 500 and PCI DSS v4.0.
- Audit Readiness: Author clear, executive-grade compliance documentation suitable for regulatory bodies, internal leadership, and institutional due diligence.
- Industry Tenure: 12+ years of dedicated cybersecurity experience with proven, hands-on leadership spanning both AppSec and cloud infrastructure.
- Advanced Engineering: Deep technical mastery of web/API security testing, automated pipeline gating, and multi-cloud security engineering (AWS and Azure).
- Compliance & Audit Literacy: Direct audit experience with PCI DSS and at least one other major framework (NIST 800-53, ISO 27001, SOX, GLBA). Direct familiarity with NYDFS Part 500 is highly advantageous.
- Credentials: CISSP or an equivalent senior security certification is required. Offensive or AppSec-specific certifications (e.g., OSCP, GWAPT, GPEN) are highly preferred.
- Consultative Mindset: Exceptional self-direction with the executive presence required to brief leadership, interface with developers, and operate independently in a fast-moving environment.
- Prior experience in heavily regulated sectors (Financial Services, Insurance, or FinTech).
- Familiarity with enterprise security tooling (e.g., Snyk, Checkmarx, Veracode, Kubernetes, Docker).
- Background working within a premier cybersecurity consultancy or an MSSP environment.
- Experience supporting corporate security due diligence for M&A or private equity events.
- Exposure to AI governance frameworks and securing LLM cloud integrations.
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search
Want help applying to roles like this?
Search Caio for free. If CV tailoring and application tracking get heavy, Full Caio Agent adds a human specialist.
View Full Agent