Need USC/GC - Senior Application Security Engineer // Remote // Contract

Mohammed Humair

10:13 AM (7 hours ago)
to 'Google Groups' via C2C Requirementss

Job Title: Senior Application Security Engineer

Location: US Remote

Job Type: Contract

Term: 3-6 months

 

 

Detailed JD:

About the Role:

We are seeking a Senior Application Security Engineer to serve as a senior subject-matter expert in application security and to provide strong technical leadership and decision-making influence across the engineering organization.

This role is application-security–first, with intentional overlap into cloud and platform security where applications, identity, CI/CD, and infrastructure intersect. The role does not own infrastructure, security programs, or departmental priorities; however, it is accountable for driving application-security outcomes and influencing technical direction through deep expertise, partnership, and trusted advisory relationships.

At this level, the Senior Application Security Engineer operates with significant autonomy and broad scope, independently owning complex and ambiguous application security challenges end-to-end. The role is relied upon to guide high-impact security decisions across multiple teams, products, and services, ensuring outcomes align with business objectives and risk tolerance.

This is a senior individual contributor role with strong expectations for technical leadership, cross-team influence, mentorship, and independent judgment, rather than people management or formal program ownership.

 

What Success Looks Like

Success in this role means:

  • Senior Application Security Subject-Matter Expertise
    You are a recognized internal authority in application security. You provide authoritative guidance on secure design, authentication and identity flows, API security, and cloud-native application risks. Engineering teams consistently rely on your judgment to make high-confidence security decisions in complex and high-impact scenarios.
  • Influence Within Security Programs
    You play a leading, technical role within broader security programs by shaping technical approaches, standards, patterns, and best practices. You influence outcomes through expertise, credibility, and sustained cross-team collaboration rather than formal ownership or authority.
  • Trusted Advisor to Engineering, Product, & Infrastructure
    You act as a trusted security advisor during design reviews, architecture discussions, and risk assessments across multiple teams. You help stakeholders understand security implications and tradeoffs, enabling informed decisions that balance risk, delivery velocity, and business needs.
  • Application-Centric Risk Identification
    You identify, articulate, and contextualize security risks at the intersection of application code, identity and access, CI/CD pipelines, and cloud infrastructure. You are accountable for application security outcomes across multiple services and products, informing security prioritization by clearly surfacing risk tradeoffs and ensuring risks are visible, understood, and appropriately addressed.
  • Independent Ownership of Complex Problems
    You independently own complex, ambiguous application security challenges with broad organizational impact. You define and drive practical solutions end-to-end, coordinating across multiple teams, products, and services to ensure consistent, high-quality security decisions at scale that align with business objectives and risk tolerance.
  • Threat-Informed Security Guidance
    You apply adversarial thinking (threat modeling, attack-path analysis, and application-focused testing) to inform defensive improvements and strengthen real-world resilience across the application landscape.
  • Incident Response and Threat Hunting Support
    You provide senior application security expertise during security incidents and targeted threat-hunting activities. You support investigation and containment by analyzing application behavior, attack paths, and root causes, partnering with detection, infrastructure, and response teams. You do not serve as a primary responder, but help ensure incidents are correctly understood, effectively resolved, and translated into durable security improvements.
  • Standards and Best-Practice Contribution
    You make significant, sustained contributions to application security standards, guidance, and reusable patterns. You integrate these into engineering workflows and practices, helping mature security capabilities across the organization over time.
  • Clear Communication and Influence
    You communicate risks, recommendations, standards, and progress clearly to senior engineers and security leadership, influencing technical decisions through clarity, technical credibility and sound judgment.
  • Cross-Team Mentorship and Capability Building
    You actively mentor engineers and security partners across teams and disciplines, helping elevate application security knowledge, decision-making, and secure design practices. You act as a force multiplier, enabling others to identify risks, apply secure patterns, and make effective security tradeoffs independently.

 

Qualifications

 

Required

  • 6+ years of experience in application or product security roles.
  • Demonstrated impact improving application security outcomes across multiple teams, systems, or business domains.
  • Deep experience securing web applications, APIs, WAFs, customer identity platforms, and distributed systems.
  • Proven ability to review system designs, data flows, and identify architectural security risks.
  • Strong understanding of authentication and identity protocols (OAuth2, OIDC, SAML, JWT, MFA).
  • Solid understanding of cloud-native application architectures and CI/CD pipelines from an application-risk perspective.
  • Proven ability to design and maintain automated pipelines for SAST, DAST, SCA, secrets detection, etc.
  • Proficiency in one or more modern programming languages.

 

Preferred

  • Experience assessing or threat modeling AI-powered features or LLM integrations, including risks such as prompt injection, data leakage, and abuse.
  • Experience with application-focused penetration testing or adversarial security testing.
  • Familiarity with Kubernetes, container security, and infrastructure-as-code as they relate to application security.
  • Experience operating in regulated environments and aligning security practices with compliance requirements.
  • Relevant security certifications are a plus (e.g., OSWE, GWAPT, or CSSLP), but certifications are not a substitute for demonstrated application security impact.

 

Job Skills We’re Looking For

  • Web Application Security
  • Web Application Firewall (WAF)
  • OWASP
  • API Security
  • Customer Identity and Access Management (CIAM)
  • Continuous Integration/Continuous Delivery (CI/CD)
  • Cloud Security
  • Automation
  • Threat Modeling
  • Secure SDLC
  • Secure design review
  • Authorization models
  • Secrets management

 

Technical Skills / Aptitude

  • SAML
  • OIDC
  • CIAM
  • JWT
  • OAuth 2
  • SCA
  • SAST
  • DAST
  • CSPM
  • Node.js
  • React
  • Kubernetes
  • Terraform
  • Docker
  • JavaScript
  • Python
  • TypeScript

Please send resumes to hum...@aptivacorp.com

Mohammed Humair || Senior Recruiter
Email: hum...@aptivacorp.com

Web: https://www.aptivacorp.com/

LinkedIn: linkedin.com/in/mohammed-humair-058473124
