Soni

Application Cybersecurity Engineer

On site

Conshohocken, United States

Junior

Freelance

05-02-2026

Skills

Communication, Leadership, Python, Java, Penetration Testing, Incident Response, Cloud Security, Burp Suite, CI/CD, DevOps, Kubernetes, Security Testing, Problem-solving, Linux, Windows, Databases, Azure, React, Node.js, AWS, SDLC, .NET, .NET Core, Spring, Spring Boot, Kafka, Windows Server

Job Specifications

We are seeking a senior-level Application Cybersecurity Engineer to design, implement, and maintain security programs that protect our software applications, data, and systems from cyber threats. This role partners closely with technology leadership, leads application security operations, manages security testing across the SDLC, and serves as the primary point of contact for all application security matters.

Key Responsibilities

Collaborate with technology leadership to define and execute application security strategy.
Provide security guidance and consultation for new and existing application development initiatives.
Lead application security operations, incident response, and investigations; communicate risks and findings to senior leadership.
Serve as the primary liaison to the Managed Security Operations Center (SOC).
Identify, assess, and remediate application vulnerabilities using SAST, DAST, SCA, penetration testing, and threat modeling.
Define and enforce secure development practices aligned with OWASP and NIST SSDF.
Oversee security tooling for source code scanning, secrets detection, containers, Infrastructure-as-Code, runtime protection, and APIs.
Conduct security assessments, audits, and compliance activities.
Educate engineering teams on secure coding and application security best practices.
Stay current on emerging threats, trends, and technologies and recommend improvements to security posture.

Required Qualifications

Bachelor’s degree in Cybersecurity, Computer Science, or a related field.
Proven experience as a Security Engineer utilizing OWASP and NIST SSDF frameworks.
Strong knowledge of application, operating system, database, network, and cloud security.
Ability to identify and explain vulnerabilities in modern application stacks including Java/Spring Boot, React, Node.js, .NET Core, Python, messaging platforms (e.g., Kafka), and relational databases.
Hands-on experience with AWS, Azure, Windows Server, and Linux security.
Strong experience supporting containerized applications, preferably Kubernetes within AWS (EKS).
Demonstrated experience securing APIs and modern web applications.
Industry certifications such as CISSP, CISM, or GIAC.
Excellent analytical, problem-solving, and communication skills.

Preferred Qualifications

Master’s degree in Cybersecurity, Computer Science, or a related field.
Advanced certifications such as CEH, OSCP, or CHFI.
7–10+ years of total experience with 3–5+ years focused on Application Security or platform security.
Experience with security tools such as Fortify, Burp Suite, SonarCloud, and Datadog.
Familiarity with DevOps environments and CI/CD pipeline security (SAST/DAST integration).
Experience with IAM solutions (Okta) and eCommerce platforms (Magento preferred).
Knowledge of regulatory and compliance frameworks (e.g., GDPR, SOX).
Strong leadership, mentoring, project coordination, and vendor management skills.
Experience with secure design patterns, threat modeling (STRIDE), and risk assessments.

About the Company

Soni is a premier staffing & recruitment company that is disrupting the human capital management space. Headquartered in New York, Soni has a presence in 23 markets across the United States. We support each professional relationship with a cutting-edge approach, industry-leading insights, and a human touch. We are trusted to help companies and individuals tackle their challenges and capture their greatest opportunities. We are committed to creating environments where people are empowered to be their authentic selves.