Application Security Engineer
Brooklyn, NY
Hybrid: 3 days onsite.
One-year contract with the possibility of extension.
Position Overview
The Application Security Engineer is embedded within the Application Development team and ensures security is integrated into all stages of software development. The role focuses on designing and building secure applications while working closely with application administrators who manage security tools and CI/CD pipelines.
This position is responsible for enabling developers to produce secure, resilient, and compliant software for Clients's web, mobile, API, GIS, and cloud-based systems supporting Fire, EMS, and administrative operations.
Core Responsibilities
1. Secure Software Development
- Establish and apply secure coding practices within the development team.
- Define and enforce secure coding standards for Java,.NET, Python, and JavaScript applications.
- Conduct secure design and architecture reviews for new and legacy systems.
- Educate developers on secure coding practices, authentication/authorization best practices, and common application vulnerabilities.
- Apply protections aligned with:
- OWASP Top 10
- OWASP API Security Top 10
2. Application & API Security
- Design and implement secure REST APIs and web services.
- Implement secure authentication/authorization using:
- SAML2
- OIDC
- OAuth2
- Secure Java and JavaScript applications, including:
- Spring Boot
- React
- Ensure secure handling of tokens, sessions, and secrets.
- Collaborate with App Admins and Security team to integrate applications into WAFs, load balancers, and other security monitoring tools.
Mandatory Qualifications
- Minimum 4+ years in secure application development.
- Prior hands-on software development experience.
- Strong understanding of:
- Web and mobile application architecture
- Internet protocols (HTTP, HTTPS, WebSockets)
- REST API security
- Expertise in SAST, DAST, and SCA concepts (understanding results and remediation), in collaboration with App Admins.
- Familiarity with security tools such as Veracode, Burp Suite, Zimperium, Prisma, Rapid7.
- Experience applying NIST 800-53 and 800-171 controls at the application design level.
- Strong analytical, troubleshooting, and problem-solving skills.
- Ability to work independently within a development-focused team.
Preferred Qualifications
- Experience with containerized applications (Docker, Kubernetes).
- Knowledge of:
- Core Java, J2EE, Spring Boot
- React, AngularJS, HTML5, CSS, JavaScript
- Experience designing secure GIS systems.
- Familiarity with public safety or emergency response systems.
Application Security Engineer
Brooklyn, NY
Hybrid: 3 days onsite.
One-year contract with the possibility of extension.
Position Overview
The Application Security Engineer is embedded within the Application Development team and ensures security is integrated into all stages of software development. The role focuses on designing and building secure applications while working closely with application administrators who manage security tools and CI/CD pipelines.
This position is responsible for enabling developers to produce secure, resilient, and compliant software for Clients's web, mobile, API, GIS, and cloud-based systems supporting Fire, EMS, and administrative operations.
Core Responsibilities
1. Secure Software Development
- Establish and apply secure coding practices within the development team.
- Define and enforce secure coding standards for Java,.NET, Python, and JavaScript applications.
- Conduct secure design and architecture reviews for new and legacy systems.
- Educate developers on secure coding practices, authentication/authorization best practices, and common application vulnerabilities.
- Apply protections aligned with:
- OWASP Top 10
- OWASP API Security Top 10
2. Application & API Security
- Design and implement secure REST APIs and web services.
- Implement secure authentication/authorization using:
- SAML2
- OIDC
- OAuth2
- Secure Java and JavaScript applications, including:
- Spring Boot
- React
- Ensure secure handling of tokens, sessions, and secrets.
- Collaborate with App Admins and Security team to integrate applications into WAFs, load balancers, and other security monitoring tools.
Mandatory Qualifications
- Minimum 4+ years in secure application development.
- Prior hands-on software development experience.
- Strong understanding of:
- Web and mobile application architecture
- Internet protocols (HTTP, HTTPS, WebSockets)
- REST API security
- Expertise in SAST, DAST, and SCA concepts (understanding results and remediation), in collaboration with App Admins.
- Familiarity with security tools such as Veracode, Burp Suite, Zimperium, Prisma, Rapid7.
- Experience applying NIST 800-53 and 800-171 controls at the application design level.
- Strong analytical, troubleshooting, and problem-solving skills.
- Ability to work independently within a development-focused team.
Preferred Qualifications
- Experience with containerized applications (Docker, Kubernetes).
- Knowledge of:
- Core Java, J2EE, Spring Boot
- React, AngularJS, HTML5, CSS, JavaScript
- Experience designing secure GIS systems.
- Familiarity with public safety or emergency response systems.
Government Careers
Government jobs offer stability, competitive benefits, and the chance to make a meaningful impact on your community and country.
Whether you’re starting your career or seeking new opportunities, these roles provide pathways for growth, security, and service.
Explore positions across a wide range of fields and take the first step toward a rewarding future in public service.
MORE JOBS
-
Weekend Unarmed Security Professional (Part-time) (XPO)
- Concord, North Carolina
- SECURITY SOLUTIONS OF AMERICA
- Jul 01, 2026
-
Store Protection & Loss Prevention Specialist
- Simi Valley, California
- Ross
- Jul 01, 2026
-
World Cup Event Security Officer – $27–$30/hr
- Kansas City, Missouri
- Securitas
- Jul 01, 2026
-
Security / Loss Prevention Officer
- Ottumwa, Iowa
- Therapeutic Alliance, LLC
- Jul 01, 2026
-
Supervisory Technical Security Investigator
- New York, New York
- United States Secret Service
- Jul 01, 2026
-
Immediate Openings – Event Security (High Pay)
- Kansas City, Missouri
- Securitas
- Jul 01, 2026