Job Description
W2 Only This role is not open to subcontracting (i.e. No c2c / No Corp to Corp)*** Weare seeking an Application Security contractor for a remote project. The client is based in NJ and is open to remote contractors based in the eastern time zone. The contract should have at least3+ years of offense and defense application security experience with demonstrated hands-on expertise in SAST and SCA tools such as Checkmarx and Synk, including findings triage, ruleset tuning, and managing vulnerability lifecycle across enterprise environments. To be successful in the role, You will need: Strong understanding of OWASP Top Ten and broader web and API vulnerabilities, including practical remediation techniques within enterprise environments Knowledge of web and mobile application development and deployment methodologies Hands-on experience securing AWS cloud environments, including Lambda, API Gateway, IAM, and S3, with experience operating cloud-native security platforms such as Orca Security, Wiz, or Prisma Cloud to surface and remediate risk across workloads and infrastructure Ability to read and reason about code in languages such as Node.js, JavaScript, Java, or Python. Ability to sufficiently perform meaningful secure code review, validate SAST/SCA findings, and collaborate credibly with engineering teams on remediation Experience working with change management and release governance processes within production environments Strong project management and communication skills with the ability to represent cybersecurity requirements across technical and business stakeholders Solid understanding of agile methodologies, DevSecOps practices, and CI/CD pipeline integration Familiarity with security threat intelligence sources and how they inform application-layer defenses Experience partnering with development teams to drive security remediation by running working sessions, building runbooks, and supporting secure coding adoption through a developer-first engagement model.