Application Security Consultant (ONLY W2 Candidates)

Title: Application Security Consultant

Location: Parsippany, NJ

Type: Contract

Summary

Our Client is seeking an Application Security Consultant to join the greater Information Security Team and help advance our enterprise application security program. This role will play a critical part in the design, build, and operation of security capabilities that protect Wyndham’s web, mobile, and cloud-native applications. The position requires broad application security experience across secure development practices, code analysis, cloud security, and production protection technologies.

As a member of the Cybersecurity Team, the consultant will execute and mature the application security architecture and framework across development, cloud, and production environments. The position will work directly with business application teams on secure design, code review oversight, release coordination, and production resilience. This role will formally represent the application security team in discussions involving new projects, architectures, and security control design, ensuring cybersecurity requirements are embedded early and consistently. Regular interaction with both technical and business personnel will be required to provide risk-based security analysis and recommendations that balance protection, performance, and delivery timelines.

The consultant will administer and optimize static code scanning solutions such as Checkmarx, ensure vulnerabilities are identified and remediated in alignment with OWASP Top Ten and broader industry risks, and collaborate closely with AWS engineering teams to secure Lambda functions and runtime resources. The role will also partner with change and release management to coordinate production code deployments from both security and reliability perspectives, while maintaining operational oversight of application-layer protection technologies.

Essential Job Functions

Beginning with the most important, or in a logical sequence, describe 5 to 7 major responsibilities of this job.  Provide as much detail as necessary to give an accurate, complete outline.  Indicate the percentage of total working time spent on each essential responsibility.  The total should equal 100%.  If a job function is considered to be less than 10% of the working time, please consider if it would be more appropriate to be included in the Non-Essential Job Functions section. 

Responsibility

Lead application security design and implementation across web, mobile, and AWS cloud-native services, including secure architecture reviews, AWS Lambda and runtime resource protection, and integration of security controls into CI/CD pipelines.

Administer and optimize static code scanning solutions such as Checkmarx, conduct vulnerability triage and remediation guidance aligned with OWASP Top Ten and broader application security risks, and validate security readiness prior to production release.

Manage and enhance application-layer protection technologies, including policy tuning, configuration updates, and detection improvements, ensuring protections remain effective without impacting performance or customer experience. 

Coordinate closely with change and release management to align security controls with production deployment schedules, participate in go-live planning, and act in a Site Reliability Engineering capacity to ensure secure and stable releases.

Represent the application security team in project planning and architectural discussions, provide risk-based security analysis, and ensure cybersecurity requirements are embedded into design, development, and delivery decisions.

Provide structure

Skills:    d security reporting, track remediation efforts, and support cross-functional project management activities to ensure application security initiatives are delivered on time and aligned with business objectives. 10 Non-Essential Job Functions These are functions which are ancillary to the job, and may be assigned to others if necessary. Most functions that account for only a small part of the job are considered non-essential. # Responsibility

1 Represent application security and cybersecurity in meetings or project discussions when additional coverage or subject matter expertise is needed.

2 Devise methods to automate security testing activities or streamline operational processes, where applicable.

3 Improve and document operational and troubleshooting procedures to support long-term maintainability.

4 Perform or support activities such as penetration testing, secure code reviews, or developer training when specialized coverage is needed, but not as a primary responsibility.

Minimum Requirements and Qualifications

· 3 years of offense and defense application security experience with demonstrated hands-on expertise in SAST and SCA tools such as Checkmarx and Synk, including findings triage, ruleset tuning, and managing vulnerability lifecycle across enterprise environments

· Strong understanding of OWASP Top Ten and broader web and API vulnerabilities, including practical remediation techniques within enterprise environments

· Knowledge of web and mobile application development and deployment methodologies

· Hands-on experience securing AWS cloud environments, including Lambda, API Gateway, IAM, and S3, with experience operating cloud-native security platforms such as Orca Security, Wiz, or Prisma Cloud to surface and remediate risk across workloads and infrastructure

· Ability to read and reason about code in languages such as Node.js, JavaScript, Java, or Python.

Ability to sufficiently perform meaningful secure code review, validate SAST/SCA findings, and collaborate credibly with engineering teams on remediation ·

Experience working with change management and release governance processes within production environments ·

Strong project management and communication skills with the ability to represent cybersecurity requirements across technical and business stakeholders ·

Solid understanding of agile methodologies, DevSecOps practices, and CI/CD pipeline integration ·

Familiarity with security threat intelligence sources and how they inform application-layer defenses ·

Experience partnering with development teams to drive security remediation by running working sessions, building runbooks, and supporting secure coding adoption through a developer-first engagement model.

Regards

Dharma Teja Kotagiri

ERP Analysts, Inc.

425 Metro Place | North Ste# 510|Dublin|OH|43017

Mobile: | Office: Ext: 7199

 | Fax:

Workday Certified Partner |Oracle Gold Partner | CMMI Level3