Application Security Consultant - Hybrid
Highbridge Consulting LLC, New York, NY, United States
Application Security Consultant -
Must Have Responsibilities
Lead application security design across web, mobile, and AWS cloud-native systems, including secure architecture reviews and CI/CD security integration.
dminister and optimize SAST/SCA tools (e.g., Checkmarx, Snyk), triage vulnerabilities, and guide remediation aligned to OWASP Top Ten.
Secure cloud environments (especially AWS Lambda, API Gateway, IAM, S3) and support runtime and application-layer protections.
Partner with release and change management to ensure secure, stable production deployments and support go-live readiness.
Provide security input in architecture and project planning, ensuring requirements are embedded early in design and development.
Track vulnerabilities, produce reporting, and manage remediation progress across engineering teams.
Must Have Qualifications
3+ years in application security (offense and defense) with hands-on SAST/SCA experience.
Strong knowledge of OWASP Top Ten and web/API security vulnerabilities and remediation.
Experience securing AWS cloud services and working with cloud security platforms (e.g., Wiz, Prisma Cloud, Orca).
bility to read and review code in Java, JavaScript/Node.js, or Python for security validation.
Experience with CI/CD pipelines, DevSecOps practices, and secure SDLC integration.
Strong communication skills with ability to influence technical and business stakeholders.
Experience working with change/release management in production environments.
Nice to Have Responsibilities
utomate security testing and improve security tooling workflows.
Develop and improve security runbooks, documentation, and operational procedures.
Support penetration testing, secure code reviews, or developer training as needed.
Participate in additional architecture discussions or advisory meetings when required.
Nice to Have Qualifications
Familiarity with threat intelligence and how it informs application security controls.
Experience driving developer security adoption through workshops or working sessions.
Strong understanding of agile delivery environments and enterprise release governance.
Must Have Responsibilities
Lead application security design across web, mobile, and AWS cloud-native systems, including secure architecture reviews and CI/CD security integration.
dminister and optimize SAST/SCA tools (e.g., Checkmarx, Snyk), triage vulnerabilities, and guide remediation aligned to OWASP Top Ten.
Secure cloud environments (especially AWS Lambda, API Gateway, IAM, S3) and support runtime and application-layer protections.
Partner with release and change management to ensure secure, stable production deployments and support go-live readiness.
Provide security input in architecture and project planning, ensuring requirements are embedded early in design and development.
Track vulnerabilities, produce reporting, and manage remediation progress across engineering teams.
Must Have Qualifications
3+ years in application security (offense and defense) with hands-on SAST/SCA experience.
Strong knowledge of OWASP Top Ten and web/API security vulnerabilities and remediation.
Experience securing AWS cloud services and working with cloud security platforms (e.g., Wiz, Prisma Cloud, Orca).
bility to read and review code in Java, JavaScript/Node.js, or Python for security validation.
Experience with CI/CD pipelines, DevSecOps practices, and secure SDLC integration.
Strong communication skills with ability to influence technical and business stakeholders.
Experience working with change/release management in production environments.
Nice to Have Responsibilities
utomate security testing and improve security tooling workflows.
Develop and improve security runbooks, documentation, and operational procedures.
Support penetration testing, secure code reviews, or developer training as needed.
Participate in additional architecture discussions or advisory meetings when required.
Nice to Have Qualifications
Familiarity with threat intelligence and how it informs application security controls.
Experience driving developer security adoption through workshops or working sessions.
Strong understanding of agile delivery environments and enterprise release governance.