Application Security Consultant

Job Description

Software Guidance & Assistance, Inc., (SGA), is searching for an Application Security Consultant for a CONTRACT assignment with one of our premier Hospitality clients in Parsippany, NJ . (REMOTE AND ONSITE POSITIONS AVAILABLE)

Summary : - Our client is seeking an Application Security Consultant to join the greater Information Security Team and help advance our enterprise application security program. This role will play a critical part in the design, build, and operation of security capabilities that protect the client's web, mobile, and cloud-native applications. The position requires broad application security experience across secure development practices, code analysis, cloud security, and production protection technologies. As a member of the Cybersecurity Team, the consultant will execute and mature the application security architecture and framework across development, cloud, and production environments. The position will work directly with business application teams on secure design, code review oversight, release coordination, and production resilience. This role will formally represent the application security team in discussions involving new projects, architectures, and security control design, ensuring cybersecurity requirements are embedded early and consistently. Regular interaction with both technical and business personnel will be required to provide risk-based security analysis and recommendations that balance protection, performance, and delivery timelines. The consultant will administer and optimize static code scanning solutions such as Checkmarx, ensure vulnerabilities are identified and remediated in alignment with OWASP Top Ten and broader industry risks, and collaborate closely with AWS engineering teams to secure Lambda functions and runtime resources. The role will also partner with change and release management to coordinate production code deployments from both security and reliability perspectives, while maintaining operational oversight of application-layer protection technologies.

Responsibilities : - Lead application security design and implementation across web, mobile, and AWS cloud-native services, including secure architecture reviews, AWS Lambda and runtime resource protection, and integration of security controls into CI/CD pipelines.

- Administer and optimize static code scanning solutions such as Checkmarx, conduct vulnerability triage and remediation guidance aligned with OWASP Top Ten and broader application security risks, and validate security readiness prior to production release.

- Manage and enhance application-layer protection technologies, including policy tuning, configuration updates, and detection improvements, ensuring protections remain effective without impacting performance or customer experience.

- Coordinate closely with change and release management to align security controls with production deployment schedules, participate in go-live planning, and act in a Site Reliability Engineering capacity to ensure secure and stable releases.

- Represent the application security team in project planning and architectural discussions, provide risk-based security analysis, and ensure cybersecurity requirements are embedded into design, development, and delivery decisions.

- Provide structure

- Security reporting, track remediation efforts, and support cross-functional project management activities to ensure application security initiatives are delivered on time and aligned with business objectives.

- Represent application security and cybersecurity in meetings or project discussions when additional coverage or subject matter expertise is needed

- Devise methods to automate security testing activities or streamline operational processes, where applicable

- Improve and document operational and troubleshooting procedures to support long-term maintainability

- Perform or support activities such as penetration testing, secure code reviews, or developer training when specialized coverage is needed, but not as a primary responsibility

Required Skills : - 3+ years of offense and defense application security experience with demonstrated hands-on expertise in SAST and SCA tools such as Checkmarx and Synk, including findings triage, ruleset tuning, and managing vulnerability lifecycle across enterprise environments

- Strong understanding of OWASP Top Ten and broader web and API vulnerabilities, including practical remediation techniques within enterprise environments

- Knowledge of web and mobile application development and deployment methodologies

- Hands-on experience securing AWS cloud environments, including Lambda, API Gateway, IAM, and S3, with experience operating cloud-native security platforms such as Orca Security, Wiz, or Prisma Cloud to surface and remediate risk across workloads and infrastructure

- Ability to read and reason about code in languages such as Node.js, JavaScript, Java, or Python

- Ability to sufficiently perform meaningful secure code review, validate SAST/SCA findings, and collaborate credibly with engineering teams on remediation

- Experience working with change management and release governance processes within production environments

- Strong project management and communication skills with the ability to represent cybersecurity requirements across technical and business stakeholders

- Solid understanding of agile methodologies, DevSecOps practices, and CI/CD pipeline integration

- Familiarity with security threat intelligence sources and how they inform application-layer defenses

- Experience partnering with development teams to drive security remediation by running working sessions, building runbooks, and supporting secure coding adoption through a developer-first engagement model.

SGA is a technology and resource solutions provider driven to stand out. We are a women-owned business. Our mission: to solve big IT problems with a more personal, boutique approach. Each year, we match consultants like you to more than 1,000 engagements. When we say let's work better together, we mean it. You'll join a diverse team built on these core values: customer service, employee development, and quality and integrity in everything we do. Be yourself, love what you do and find your passion at work. Please find us at . #LI-SH1

Beginning with the most important, or in a logical sequence, describe 5 to 7 major responsibilities of this job. Provide as much detail as necessary to give an accurate, complete outline. Indicate the percentage of total working time spent on each essential responsibility. The total should equal 100%. If a job function is considered to be less than 10% of the working time, please consider if it would be more appropriate to be included in the Non-Essential Job Functions section. SGA is an Equal Opportunity Employer and does not discriminate on the basis of Race, Color, Sex, Sexual Orientation, Gender Identity, Religion, National Origin, Disability, Veteran Status, Age, Marital Status, Pregnancy, Genetic Information, or Other Legally Protected Status. We are committed to providing access, equal opportunity, and reasonable accommodation for individuals with disabilities in employment, and our services, programs, and activities. Please visit our company EEO page to request an accommodation or assistance regarding our policy.