What are the responsibilities and job description for the Senior Application Security Engineer - Cloud Security position at Talener?
Position Overview
A highly regulated consumer services firm is seeking an experienced, hands-on Senior Application Security Consultant for an initial 3-month contract engagement with a strong likelihood of extension. Reporting directly to the CISO, you will step into a pivotal role managing end-to-end application and cloud security reviews for upcoming product deployments, driving critical third-party risk initiatives, and keeping the enterprise aligned with stringent financial and data privacy regulatory frameworks.
Application Security & DevSecOps
Required Experience & Technical Skills
A highly regulated consumer services firm is seeking an experienced, hands-on Senior Application Security Consultant for an initial 3-month contract engagement with a strong likelihood of extension. Reporting directly to the CISO, you will step into a pivotal role managing end-to-end application and cloud security reviews for upcoming product deployments, driving critical third-party risk initiatives, and keeping the enterprise aligned with stringent financial and data privacy regulatory frameworks.
- Engagement Type: Contract (3-month initial term)
- Compensation: Up to $100/hr. (depending on experience)
- Location: Hybrid (2x on-site) Mount Laurel, NJ
Application Security & DevSecOps
- Embedded Advisory & Threat Modeling: Serve as the primary security advisor for engineering squads, conducting secure design reviews and threat modeling prior to product releases.
- Vulnerability Testing & Triage: Perform manual penetration testing of web applications and APIs (via Burp Suite Pro), triage findings with developers, and drive remediation within SLA targets.
- Pipeline Automation (CI/CD): Integrate and optimize automated security scanning gates (SAST, DAST, SCA, and secrets detection) into active developer workflows without creating delivery bottlenecks.
- Runtime Protection: Define and tune WAF and RASP policies to block live threats while ensuring zero disruption to production deployment schedules.
- Posture & Configuration Management: Oversee CSPM, configuration hardening, and architectural validation across multi-cloud environments (AWS/Azure), including containerized workloads.
- Secure Access Modernization: Partner with network infrastructure teams to drive a major enterprise SASE/SSE modernization and secure-access migration initiative.
- Operations & Incident Response: Act as the escalation point for the 24/7 MSSP, maintain incident playbooks, lead root-cause investigations, and author executive post-mortems.
- Identity & Access Governance: Optimize enterprise identity controls using advanced cloud directory services, conditional access policies, and data loss prevention (DLP) tools.
- Third-Party Risk & Assessment: Lead third-party risk evaluations for emerging tech vendors (including VoiceAI/enterprise AI) and manage the end-to-end lifecycle of external penetration testing.
- Regulatory Alignment: Drive control-gap remediation and evidence collection to maintain alignment with NYDFS 23 NYCRR Part 500 and PCI DSS v4.0.
- Audit Readiness: Author clear, executive-grade compliance documentation suitable for regulatory bodies, internal leadership, and institutional due diligence.
Required Experience & Technical Skills
- Industry Tenure: 12 years of dedicated cybersecurity experience with proven, hands-on leadership spanning both AppSec and cloud infrastructure.
- Advanced Engineering: Deep technical mastery of web/API security testing, automated pipeline gating, and multi-cloud security engineering (AWS and Azure).
- Compliance & Audit Literacy: Direct audit experience with PCI DSS and at least one other major framework (NIST 800-53, ISO 27001, SOX, GLBA). Direct familiarity with NYDFS Part 500 is highly advantageous.
- Credentials: CISSP or an equivalent senior security certification is required. Offensive or AppSec-specific certifications (e.g., OSCP, GWAPT, GPEN) are highly preferred.
- Consultative Mindset: Exceptional self-direction with the executive presence required to brief leadership, interface with developers, and operate independently in a fast-moving environment.
- Prior experience in heavily regulated sectors (Financial Services, Insurance, or FinTech).
- Familiarity with enterprise security tooling (e.g., Snyk, Checkmarx, Veracode, Kubernetes, Docker).
- Background working within a premier cybersecurity consultancy or an MSSP environment.
- Experience supporting corporate security due diligence for M&A or private equity events.
- Exposure to AI governance frameworks and securing LLM cloud integrations.