Application Security Engineer, Architect

Job not on LinkedIn

August 16

Apply Now

Receive Emails with Similar Jobs

Fragomen

WebsiteLinkedInAll Job Openings

Compliance • B2B • Enterprise

Fragomen is a leading immigration services provider, offering comprehensive legal and consulting services across the globe. Specializing in corporate immigration, the firm assists businesses, individuals, and families with navigating complex immigration laws and processes. Fragomen provides insights and solutions through their extensive networks and innovative platforms, focusing on compliance and strategic immigration management. With a commitment to diversity and inclusion, Fragomen is recognized for its expertise and leadership in immigration law and policy.

5001 - 10000 employees

📋 Compliance

🤝 B2B

🏢 Enterprise

📋 Description

• Evaluate, propose, and test security verification tools to integrate into development pipelines (SAST, DAST, SCA, and code scanning tools for secrets and API keys) • Lead web application reconnaissance efforts, including understanding underlying technology stacks, risk posture, data handling, authentication/authorization, and proprietary controls • Manage SDLC initiatives around Fragomen’s DAST processes, including Invicti integration, discovery scanning, triaging results, and risk reporting • Conduct application security penetration testing engagements, manually assessing risk surfaces of both existing and emerging web applications; document findings and assist with remediation advice • Perform architectural reviews of applications to ensure secure design and implementation • Secure source code through in-depth analysis (.NET, Python, Java, etc.), assisting with SAST/SCA triage, reporting, and addressing development team remediation queries • Collaborate with 3rd party security firms by providing credentials, demos, and evaluating the accuracy and proficiency of penetration testing reports • Act as the proactive security liaison between AppSec and key stakeholders (Software Development, DevOps, Compliance teams), including potential external customer-facing communications • Automate security workflows and integrate security checks into build and release pipelines, optimizing security testing based on policy, code changes, and risk • Design and recommend gating strategies to enforce security controls at appropriate SDLC stages • Operate and maintain security tools while participating in tasks across other IT Security domains (threat detection, security engineering, architecture, incident response) • Stay ahead of the dynamic security landscape by securing and architecting protections for emerging technologies, including AI, tooling, and frameworks, aligned with business needs

🎯 Requirements

• 3+ years of experience in web application development and cybersecurity • Strong scripting and coding skills with frameworks such as .NET, Python, Bash, PowerShell • Experience with CICD tools (e.g., Jenkins, GitLab, Bamboo, Octopus, Proget) • Knowledge of SDLC best practices • Familiarity with cloud-native security tools and Kubernetes is a plus • Strong communication skills, capable of maintaining professionalism under pressure • Relevant certifications such as GWEB, OSCP preferred • BA degree in related field or equivalent experience

🏖️ Benefits

• 22 PTO days + Federal holidays • Medical, Dental, and Vision plans + FSA & HSA Plans • 401K plan