Application Security Consultant

As an Application Security Consultant, you will play a crucial role in ensuring the security of web, mobile, and AWS cloud-native systems. You will be responsible for leading application security design, administering security tools, securing cloud environments, and providing security input in architecture and project planning.

Must Have Responsibilities
- Lead application security design across web, mobile, and AWS cloud-native systems, including secure architecture reviews and CI/CD security integration.
- Administer and optimize SAST/SCA tools (e.g., Checkmarx, Snyk), triage vulnerabilities, and guide remediation aligned to OWASP Top Ten.
- Secure cloud environments (especially AWS Lambda, API Gateway, IAM, S3) and support runtime and application-layer protections.
- Partner with release and change management to ensure secure, stable production deployments and support go-live readiness.
- Provide security input in architecture and project planning, ensuring requirements are embedded early in design and development.
- Track vulnerabilities, produce reporting, and manage remediation progress across engineering teams.

Must Have Qualifications
- 3+ years in application security (offense and defense) with hands-on SAST/SCA experience.
- Strong knowledge of OWASP Top Ten and web/API security vulnerabilities and remediation.
- Experience securing AWS cloud services and working with cloud security platforms (e.g., Wiz, Prisma Cloud, Orca).
- Ability to read and review code in Java, JavaScript/Node.js, or Python for security validation.
- Experience with CI/CD pipelines, DevSecOps practices, and secure SDLC integration.
- Strong communication skills with the ability to influence technical and business stakeholders.
- Experience working with change/release management in production environments.

Nice to Have Responsibilities
- Automate security testing and improve security tooling workflows.
- Develop and improve security runbooks, documentation, and operational procedures.
- Support penetration testing, secure code reviews, or developer training as needed.
- Participate in additional architecture discussions or advisory meetings when required.

Nice to Have Qualifications
- Familiarity with threat intelligence and how it informs application security controls.
- Experience driving developer security adoption through workshops or working sessions.
- Strong understanding of agile delivery environments and enterprise release governance.