Application Security Consultant (Hybrid)
Hybrid Details: Parsippany, NJ - Hybrid
Duration: 3 months to start

Overview

Job Description:
The organization is seeking an Application Security Consultant to support and advance its enterprise application security program. This role will focus on protecting web, mobile, and cloud-native applications by embedding security throughout the development lifecycle.

You'll work closely with engineering, cloud, and business teams to ensure security is integrated into design, development, and production, balancing risk reduction with performance and delivery timelines.

What You'll Do

Application Security Architecture & Engineering (30%)
Lead secure design and implementation across web, mobile, and AWS environments. Conduct architecture reviews and integrate security controls into CI/CD pipelines, with a focus on cloud-native services (including AWS Lambda).

Vulnerability Management & Code Security (20%)
Administer and optimize SAST/SCA tools (e.g., Checkmarx, Snyk). Perform vulnerability triage, guide remediation efforts, and ensure alignment with OWASP Top Ten and industry best practices prior to release.

Application Protection & Monitoring (15%)
Manage and enhance application-layer security controls. Tune policies, improve detection capabilities, and maintain strong protection without degrading performance or user experience.

Release & Production Security (15%)
Partner with change and release management teams to support secure deployments. Participate in go-live planning and help ensure stability and resilience from a security perspective.

Security Advisory & Stakeholder Engagement (10%)
Act as a trusted security partner in project planning and architecture discussions. Provide risk-based guidance and ensure security requirements are embedded early in the development lifecycle.

Reporting & Program Support (10%)
Track vulnerabilities, report on remediation progress, and support cross-functional initiatives to drive application security maturity across the organization.

Additional Responsibilities

Support automation of security testing and operational processes
Contribute to documentation and operational runbooks
Provide guidance or support for penetration testing and secure code reviews as needed
Assist with developer education and secure coding practices

What You Bring

3+ years of hands-on application security experience (offensive and defensive)
Strong experience with SAST/SCA tools such as Checkmarx and Snyk
Deep understanding of OWASP Top Ten and common web/API vulnerabilities
Experience securing AWS environments (Lambda, API Gateway, IAM, S3)
Familiarity with cloud security platforms (e.g., Wiz, Orca, Prisma Cloud)
Ability to read and analyze code (JavaScript, Node.js, Java, or Python)
Experience integrating security into CI/CD pipelines and DevSecOps environments
Understanding of change management and production release processes
Strong communication skills with the ability to work across technical and business teams
Experience working in Agile environments

Nice To Have

Experience with application-layer protection tools (WAF, RASP, etc.)
Exposure to threat intelligence and its application to AppSec
Experience running security working sessions or developer enablement programs