What are the responsibilities and job description for the Senior Application Security Engineer position at Mindlance?
Note: Only hiring W2 local candidates; not applicable for C2C or 1099.
Title: Application Security Engineer
Location: Remote
Shift - Monday - Friday - 8:00 am to 5:00 pm
Duration: 4 Months – CTH
Project Team Size/Makeup: 12, Application Security Team
Description:
Business Initiative/Purpose: (Goal, Business Impact, Accomplishments from the work)
Intake management, onboarding support, coordination and consulting with development teams, maintaining scanning schedules and monitoring scan failures
Bachelor's Degree:
• Preferred.
Role Responsibilities:
• Deploy and configure container scanning tools to ensure secure containerized environments.
• Analyze vulnerabilities identified through SAST, DAST, SCA, and container scans, prioritizing remediation based on risk.
• Develop and maintain custom scripts to automate security processes and enhance scanning capabilities.
• Consult with development teams to provide secure coding guidance and assist with remediation strategies.
• Onboard applications into DAST scanning workflows, ensuring proper configuration and coverage.
• Configure and troubleshoot DAST scans, resolving issues related to application accessibility and scan accuracy.
• Review and validate SAST and SCA findings, confirming or rejecting false positives and “mitigated by design” claims from development teams.
• Document findings, create actionable reports, and communicate technical details effectively to stakeholders.
Must Have Skills/Prior Experiences:
• Strong experience with application security tools: DAST (e.g., Burp Suite, OWASP ZAP), SAST (e.g., Checkmarx, Veracode), and SCA (e.g., Black Duck, Snyk).
• Hands-on experience with container security and deployment of scanning tools (e.g., Wiz, Prisma, Aqua Security).
• Proficiency in scripting languages (Python, Bash, or PowerShell) for automation and tool integration.
• Deep understanding of secure software development lifecycle (SDLC) and common vulnerabilities (OWASP Top 10).
• Ability to troubleshoot complex scanning issues and optimize configurations for accuracy and performance.
• Strong analytical skills for vulnerability triage and risk prioritization.
• Excellent communication skills for consulting with development teams and explaining technical findings.
Plus/Nice to Have Skills/Prior Experiences:
• Experience integrating security tools into CI/CD pipelines.
• Familiarity with cloud-native security (AWS, Azure, GCP) and container orchestration (Kubernetes).
• Knowledge of API security testing and microservices architecture.
• Exposure to DevSecOps practices and security automation frameworks.
• Relevant certifications such as OSWE, GWAPT, or CSSLP.
EEO
“Mindlance is an Equal Opportunity Employer and does not discriminate in employment on the basis of – Minority/Gender/Disability/Religion/LGBTQI/Age/Veterans.”
Salary: $80 - $85