Senior Application Security Engineer – Vulnerability Operations

2T Consulting

Jersey City, NJ/Dallas, TX/Charlotte, NC

Posted On: Jun 02, 2026

Job Overview

Job Type

Contract - W2, Full-time

Experience

10 - 20 Years

Salary

Depends on Experience

Work Arrangement

On-Site

Travel Requirement

0%

Required Skills

  • Application Security
  • Vulnerability Management
  • Secure SDLC
  • Threat Modeling
  • CI/CD Security

Job Description

Roles and Responsibilities

1. Strategic AppSec Leadership

  • Drive enterprise-wide implementation of Application Security controls across CI/CD pipelines.
  • Partner with AppSec Champions to embed secure development practices and improve security adoption.
  • Define and manage tiered security control strategy (Tier 1–3) with quarterly migration goals.
  • Enable decentralized security ownership across engineering teams.

2. Vulnerability & Threat Management

  • Lead triage, analysis, and remediation of complex and high-risk vulnerabilities.
  • Serve as SME for modern threat classes including cloud-native risks, APIs, supply chain, containers, serverless, and emerging OWASP categories.
  • Perform threat modeling and security design reviews for critical applications.
  • Provide escalation support for advanced AppSec issues.

3. CI/CD Security & Automation

  • Architect and enhance CI/CD security integrations (SAST, DAST, SCA, secrets, IaC scanning).
  • Implement policy-as-code and automated security gating (merge/build prevention).
  • Develop reusable security automation frameworks and pipeline modules.

4. Governance & Reporting

  • Build dashboards, KPIs, and risk scorecards using tools like Power BI or Grafana.
  • Lead vulnerability governance forums and executive reporting on security posture and trends.
  • Manage risk registers, remediation tracking, and quarterly program alignment.

5. Enablement & Continuous Improvement

  • Mentor AppSec engineers and support security champion enablement programs.
  • Evaluate scanning outputs, reduce false positives, and improve detection quality.
  • Continuously enhance AppSec processes, tools, and onboarding workflows.
  • Stay current with emerging threats and security trends.

Required Qualifications
  • Bachelor’s or Master’s degree in Computer Science, Cybersecurity, or related field.
  • 7+ years of experience in Application Security, Vulnerability Management, or Secure SDLC.
  • Strong expertise in secure design, threat modeling, exploit analysis, and remediation strategies.
  • Hands-on experience with CI/CD security tooling (SAST, DAST, SCA, secrets, IaC scanning).
  • Proven experience working with engineering teams to drive AppSec adoption and governance.
  • Ability to analyze vulnerability trends and emerging/zero-day threats.

Preferred Qualifications
  • Cloud security experience across AWS, Azure, or GCP.
  • Certifications such as CISSP, CSSLP, OSCP, OSWE, GWAPT, or equivalent.
  • Experience with policy enforcement tools (OPA/Gatekeeper).
  • Knowledge of software supply chain security (SLSA, SBOM).
  • Experience building AppSec Champion or federated security models.

Job ID: 2C321395


Posted By

Shayne

Sr. Recruiter