Application Security Engineer (Hybrid - NYC/Charlotte, NC)
Our Client - Media & Entertainment company
- Charlotte, NC
- New York, NY
Job description
Our Customer is a leading global, diversified information, services and media company with more than 360 businesses. Its major interests include various financial services, medical information and services businesses, and ownership in cable television networks; 33 television stations; 24 daily and 52 weekly newspapers; digital services businesses; and nearly 250 magazines around the world.
Our Customer is seeking an Application Security Engineer on a contract basis to help support their business needs. This role is hybrid (3 days on-site and 2 days remote/week) in NYC or Charlotte, NC.
Responsibilities:
- Application discovery and inventory across all business units, including ownership mapping, technology stack profiling, and risk tiering.
- Standing up and operating the AppSec tooling stack — SAST, SCA, secrets scanning, and container/IaC scanning — integrated into business unit CI/CD pipelines.
- Designing and implementing AI-assisted triage workflows on top of AppSec tooling so that finding volume does not overwhelm developers and false positives are filtered before reaching engineering teams.
- Defining secure SDLC requirements, threat modeling practices, and security gates that business units adopt as part of their standard development process.
- Partnering with business unit development leaders to build the relationships and shared playbooks needed to operationalize AppSec without becoming a blocker to delivery.
- Contributing to AI security strategy — evaluating emerging tools (AI code review assistants, agentic security testing, automated security requirement generation) and recommending what to operationalize and what to defer.
- Producing executive-ready metrics and reporting that connect AppSec activity to business risk reduction.
Skills and Qualifications:
- 7+ years in application security, product security, or security engineering, with at least 3 years in environments with multiple independent business units, brands, or product lines.
- Hands-on experience deploying and operating modern AppSec tooling (e.g., Semgrep, Snyk, Checkmarx, Veracode, Apiiro, Ox Security, GitHub Advanced Security).
- Working code-level proficiency in at least three commonly used languages (e.g., Python, JavaScript/TypeScript, Java, C#, Go), sufficient to read, review, and triage findings.
- Strong scripting and automation skills in Python or equivalent; comfortable building integrations against REST APIs and operating in CI/CD environments (GitHub Actions, GitLab CI, Jenkins, Azure DevOps).
- Demonstrated ability to influence engineering organizations without direct authority — negotiating standards, driving adoption, and partnering with development leaders.
- Practical understanding of OWASP Top 10, threat modeling methodologies (STRIDE, PASTA, or equivalent), and modern attack patterns, including supply chain risks.
Preferred Qualifications:
- Experience integrating LLM-based tooling into security workflows (alert triage, finding summarization, remediation guidance generation).
- Familiarity with one or more compliance frameworks relevant to the environment (HITRUST, HIPAA, NIST AI RMF, SOC 2).
- Prior experience working in a regulated or healthcare-adjacent environment.
- Cloud security depth in at least one major provider (AWS, Azure, GCP).
- Public contribution to AppSec community — OSS, conference talks, published research, or detection/rule contributions.
We offer a competitive salary range for this position. Most candidates who join our team are hired at the median of this range, ensuring fair and equitable compensation based on experience and qualifications.
Contractor benefits are available through our 3rd Party Employer of Record (available upon completion of waiting period for eligible engagements).
Benefits: Medical, Dental, and 401k (no match)
An Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against on the basis of disability.
All applicants applying for U.S. job openings must be legally authorized to work in the United States and are required to have U.S. residency at the time of application.
If you are a person with a disability needing assistance with the application, or at any point in the hiring process, please contact us at support@themomproject.com.