Application Security Engineer

Application Security Engineer | Location: New York, NY or Charlotte, NC | Contract

his Application Security Engineer contract role will embed security into the software development lifecycle to protect enterprise applications across web, mobile, and API ecosystems. You'll partner with engineering, product, and infrastructure teams to proactively identify and remediate vulnerabilities, mature DevSecOps practices, and support secure integrations for AI-enabled applications such as ChatGPT.

Key Responsibilities

• Design, implement, and maintain application security controls across web, mobile, and API-based platforms.
• Conduct secure code reviews, vulnerability assessments, and penetration testing to identify and prioritize risk.
• Partner with development teams to embed secure-by-design principles throughout the SDLC.
• Identify, assess, and remediate vulnerabilities, including OWASP Top 10 and API security risks.
• Implement and manage application security tools, including SAST, DAST, SCA, IAST, and container security capabilities.
• Integrate security into CI/CD pipelines by strengthening DevSecOps practices and automation.
• Define and enforce secure coding standards and best practices across development teams.
• Perform threat modeling and risk analysis for new and existing applications to drive security requirements upstream.
• Collaborate with cloud and infrastructure teams to implement secure deployment architectures in AWS, Azure, or GCP.
• Monitor and respond to application-layer security incidents and newly discovered vulnerabilities.
• Contribute to security awareness initiatives and developer training programs.
• Create and maintain security documentation, including standards, architecture diagrams, and remediation plans.
• Support governance and security controls for AI-enabled application integrations, including ChatGPT.

Required Qualifications

• 5+ years of experience in application security, software security, or cybersecurity engineering.
• Strong knowledge of OWASP Top 10, secure coding practices, and common vulnerability patterns.
• Experience with application security tools (SAST, DAST, SCA, IAST, and container scanning tools).
• Hands-on experience securing web applications, APIs, and microservices architectures.
• Familiarity with cloud environments (AWS, Azure, or GCP).
• Experience with secure SDLC practices, threat modeling, and vulnerability management.
• Understanding of authentication/authorization protocols (OAuth, OIDC, SAML, JWT).
• Proficiency in one or more programming languages (Java, Python, JavaScript, or similar).
• Strong communication and collaboration skills.
• Strong analytical, documentation, and problem-solving abilities.
• Ability to work in a hybrid environment in NYC or Charlotte, NC.

Preferred Qualifications

• Experience securing applications that integrate with platforms like ChatGPT or other AI/LLM services.
• Familiarity with DevSecOps tooling and CI/CD platforms (GitHub Actions, Jenkins, Azure DevOps, etc.).
• Experience with API security frameworks and gateway technologies.
• Knowledge of container and Kubernetes security.
• Background in enterprise-scale or regulated environments.
• Experience with red team/blue team exercises or bug bounty programs.
• Relevant certifications (e.g., CSSLP, GWAPT, OSCP, CEH).

About Delphi-US - Peacemakers in the Talent War

Delphi-US is a national IT Services firm based in Newport, Rhode Island. Delphi attracts our nation's best and brightest Technical & Professional Talent and positions our nation's finest employers to further their competitive advantages. Delphi's core technical focus includes Data Intelligence Engineering & Analytics, AI/ML Operational Excellence, DevOps & Cloud Computing, Health IT & Life Sciences, and Energy Management/Power Systems; serving domains from sensitive national energy sectors to critical financial services, biomed, life sciences & pharma, major government & municipal institutions, and much of the USA's Fortune 500 corporations. Delphi Associates are deployed on critical IT Projects where their consultative business acumen, comprehensive technical expertise, and committed service mission drives our client's success. Our proprietary skill-based and cultural matching process results in higher qualified project teams, custom curated for our client's specific technical & functional goals. We are supremely experienced, friendly, professional, and ready to advocate on your behalf. Delphi has an indelible understanding of employer expectations, a track record of project success and we deliver lasting results.
6100
#LI-RS1