Sunday, June 14, 2026

Application Security Engineer for Boston, MA

Hi,

My name is Rohit Chauhan, and I am a Staffing Specialist at Novia Infotech LLC. I am reaching out to you on an exciting job opportunity with one of our clients.

 

Job Title: Application Security Engineer
Location: Boston, MA
Bill Rate: $50/hr

Position Overview

State Street's Cyber Security Architecture & Engineering team is seeking a highly skilled Application Security Engineer to strengthen enterprise application security capabilities and support the implementation and adoption of modern AppSec tools and practices. The ideal candidate will have extensive experience in secure software development, vulnerability management, threat modeling, and integrating security controls throughout the Software Development Lifecycle (SDLC).

This role will work closely with development, DevOps, cloud, and security teams to ensure applications are designed, developed, and deployed securely.

Key Responsibilities

Application Security & Secure SDLC

  • Implement and promote Application Security (AppSec) best practices across the Software Development Lifecycle (SDLC).
  • Conduct threat modeling exercises and secure design reviews for new and existing applications.
  • Perform manual and automated secure code reviews to identify security weaknesses.
  • Analyze application vulnerabilities for exploitability, business impact, and remediation prioritization.
  • Collaborate with development teams to address security findings and improve application security posture.

Security Tooling & Automation

  • Support onboarding, configuration, deployment, and optimization of Application Security tools.
  • Integrate security testing tools into CI/CD pipelines to enable automated security validation.
  • Configure and manage:
    • Static Application Security Testing (SAST)
    • Dynamic Application Security Testing (DAST)
    • Software Composition Analysis (SCA)
    • Secret Scanning and Dependency Scanning Tools
  • Drive security automation initiatives within DevSecOps environments.

Secure Development & Developer Enablement

  • Provide guidance and training on secure coding practices.
  • Assist developers in understanding and remediating security vulnerabilities.
  • Promote security-by-design principles across engineering teams.
  • Develop security standards, best practices, and implementation guidelines.

Vulnerability Management & Reporting

  • Assess, prioritize, and track application security vulnerabilities.
  • Perform risk-based vulnerability analysis and remediation validation.
  • Develop dashboards, metrics, and reports to communicate application security posture.
  • Support compliance, audit, and regulatory security requirements.

Cloud & DevSecOps Security

  • Implement application security controls within cloud-native environments.
  • Collaborate with DevOps and Cloud Engineering teams to secure AWS and Azure workloads.
  • Support secure CI/CD pipeline implementations and Infrastructure-as-Code security practices.

Required Skills & Qualifications

Application Security

  • 8–12 years of experience in Application Development, Application Security, or Cybersecurity Engineering.
  • Strong expertise in Application Security (AppSec) methodologies and frameworks.
  • Deep understanding of Secure SDLC and DevSecOps principles.
  • Experience conducting:
    • Threat Modeling
    • Secure Design Reviews
    • Secure Code Reviews
    • Vulnerability Assessments
    • Risk Analysis

Programming & Development

Hands-on development or code review experience in one or more of the following:

  • Java
  • .NET / C#
  • Python
  • Node.js
  • JavaScript / TypeScript

Security Testing Tools

Experience with enterprise AppSec tools, including:

  • SAST Tools (Checkmarx, Fortify, Veracode, SonarQube, etc.)
  • DAST Tools (Burp Suite, OWASP ZAP, AppScan, etc.)
  • SCA Tools (Black Duck, Snyk, Mend/WhiteSource, etc.)
  • CI/CD Security Integrations

Cloud Security

  • Experience securing applications deployed in:
    • Amazon Web Services (AWS)
    • Microsoft Azure
  • Knowledge of cloud-native security controls and best practices.

DevSecOps & CI/CD

Experience with:

  • Jenkins
  • GitHub Actions
  • GitLab CI/CD
  • Azure DevOps
  • Container Security
  • Automated Security Testing

Security Standards & Frameworks

Knowledge of:

  • OWASP Top 10
  • OWASP ASVS
  • CWE/SANS Top 25
  • NIST Cybersecurity Framework
  • Secure Coding Standards
  • Threat Modeling Methodologies

Preferred Qualifications

  • CISSP, CSSLP, GWAPT, GWEB, CEH, or similar security certifications.
  • Experience in financial services or highly regulated environments.
  • Familiarity with Kubernetes, Docker, and container security.
  • Experience implementing enterprise DevSecOps programs.
  • Knowledge of Infrastructure as Code (Terraform, CloudFormation).

 

 

Rohit Chauhan

IT Recruiter

E: rohit.c@noviainfotech.com

www.noviainfotech.com

A: 4421 Avenida Ln, McKinney, TX, 75070

 

 

 

 

--
You received this message because you are subscribed to the Google Groups "NoviaJobs" group.
To unsubscribe from this group and stop receiving emails from it, send an email to noviajobs+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/noviajobs/CAJ0-OE9%2B5iOrxDGt0y3s5yY0hyyBc5%3Dq8bf5dP_6Vfq9bF_-5Q%40mail.gmail.com.
at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Senior Business Analyst – Accounting for Plano, TX

Hi, Required Skills (Top 3) Accounting Systems & Financial Business Analysis Financial Reconciliation / Transa...