Application Security Engineer

Application Security Engineer & Architect page is loaded## Application Security Engineer & Architectlocations: US-Corporate Remotetime type: Full timeposted on: Posted 30+ Days Agojob requisition id: REQ-020684**Job Description****About the Role:** Fragomen, an Am Law 100 Firm and the leading global immigration services provider, is seeking an Application Security Engineer & Architect. This Engineer will join our talent Cyber Security team, which plays a pivotal role in Fragomen's Immigration Technology Innovation Lab. Our industry-leading, immigration-specific applications and technology is undergoing tremendous transformation and security is on the critical path to success in that endeavor. This is an excellent opportunity for a cyber security professional who is passionate about security, capable of effecting change, and ready to take on new challenges.**How will you make a difference as an Application Security Engineer & Architect*** Evaluate, propose, and test security verification tools to integrate into development pipelines (e.g., SAST, DAST, SCA, and code scanning tools for secrets and API keys).* Lead web application reconnaissance efforts, including understanding underlying technology stacks, risk posture, data handling, authentication/authorization, and proprietary controls.* Manage SDLC initiatives around Fragomen’s DAST processes, including Invicti integration, discovery scanning, triaging results, and risk reporting.* Conduct application security penetration testing engagements, manually assessing risk surfaces of both existing and emerging web applications; document findings and assist with remediation advice.* Perform architectural reviews of applications to ensure secure design and implementation.* Secure source code through in-depth analysis (.NET, Python, Java, etc.), assisting with SAST/SCA triage, reporting, and addressing development team remediation queries.* Collaborate with 3rd party security firms by providing credentials, demos, and evaluating the accuracy and proficiency of penetration testing reports.* Act as the proactive security liaison between AppSec and key stakeholders (Software Development, DevOps, Compliance teams), including potential external customer-facing communications.* Automate security workflows and integrate security checks into build and release pipelines, optimizing security testing based on policy, code changes, and risk.* Design and recommend gating strategies to enforce security controls at appropriate SDLC stages.* Operate and maintain security tools while participating in tasks across other IT Security domains (threat detection, security engineering, architecture, incident response).* Stay ahead of the dynamic security landscape by securing and architecting protections for emerging technologies, including AI, tooling, and frameworks, aligned with business needs.**Leverage your valuable skills and experience to make an impact at Fragomen:*** 3+ years of experience in web application development and cybersecurity.* Strong scripting and coding skills with frameworks such as .NET, Python, Bash, PowerShell.* Experience with CICD tools (e.g., Jenkins, GitLab, Bamboo, Octopus, Proget).* Knowledge of SDLC best practices.* Familiarity with cloud-native security tools and Kubernetes is a plus.* Strong communication skills, capable of maintaining professionalism under pressure.* Relevant certifications such as GWEB, OSCP preferred.* BA degree in related field or equivalent experience.**Benefits:**At Fragomen, we know that great people make a great organization. We value our people and offer employees a broad range of benefits which includes:* 22 PTO days + Federal holidays* Medical, Dental, and Vision plans + FSA & HSA Plans* 401K plan**Learn More About Fragomen:**Please take time to read , explore the *Meaningful and Impactful Work* we do for our clients, and review the standard *Benefits* we offer. You can find all the material to the right of this page.*All offers and/or employment contracts are contingent upon the successful completion of the Firm’s pre-employment screening process. This process may include verifying the candidate’s identity, confirming legal authorization to work in the offered position's location, and conducting a comprehensive background check, where permitted by local regulations.*locations: US-Corporate Remotetime type: Full timeposted on: Posted 21 Days Ago**Well-being.** We are committed to implementing firmwide initiatives that support the health and wellness of our people, including programs to address work-life balance and benefits that cover a wide range of well-being needs of all employees.Our **#FragomenWorks** program provides the ability to be successful at home or in the office, via Hybrid & Remote work arrangements.
#J-18808-Ljbffr