Senior Application Security Specialist

We are seeking an Application Security Engineer, you will join the Global Security Support Center (GSSC) Application Security team, which is responsible for managing the entire lifecycle of security findings reported by customers and penetration testers. This is a hands-on role that requires a deep understanding of security issues. Here are some of the specific details:Job Title: Application Security Engineer Job Duration: 7+ months Job Location: Orlando, FL (Remote)Eligibility: ONLY W2 CandidatesREQUIRED SKILLS:Strong working knowledge of OWASP Top 10 and beyond: prototype pollution, server-side injection, SSRF, IDOR, GraphQL attack surface.3+ years in application security — pen testing, bug bounty, or product security engineering.Understand key platform mechanisms: ACLs/roles, scoped apps, business rules, scripted REST APIs, and data access patterns (GlideRecord/Table API).Comfortably navigate a ServiceNow instance and reason about security in the Now Platform context.Experience writing technical security reports for both engineering and executive audiences.Ability to read and trace code across JavaScript and Java codebases. Advanced ServiceNow platform experience (e.g., custom app development or deep familiarity with the ACL model and scoping boundaries). Security certifications (GWEB, GWAPT, OSCP, or equivalent). A reasonable, good faith estimate of the minimum and maximum for this position is $88/hr to $98/hr on W2.