API Application Security Engineer (contract)

Join to apply for the API Application Security Engineer (contract) role at Capgemini.

We are seeking an experienced Application Security Engineer with 5+ years of hands-on application security experience. The ideal candidate will be responsible for securing software applications throughout their lifecycle, identifying and mitigating vulnerabilities, conducting security assessments, and ensuring adherence to security best practices and standards.

1. Security Design and Implementation: Design and implement security measures for applications, considering architecture, coding standards, and deployment environments. Collaborate with development teams to integrate security into the Software Development Lifecycle (SDLC). Develop and maintain security policies, procedures, and standards.
2. Vulnerability Assessment And Remediation: Conduct security assessments, including code reviews, static and dynamic analysis, and penetration testing. Identify and prioritize security vulnerabilities. Work with development teams to remediate identified vulnerabilities.
3. Security Testing And Monitoring: Oversee regular security testing on applications and systems. Implement and manage security tools and processes for automated security testing. Monitor applications for security incidents and vulnerabilities.
4. Threat Modeling And Risk Management: Create threat models to identify potential security threats and vulnerabilities. Assess and manage security risks. Develop and implement security controls to mitigate risks.
5. Education And Training: Educate and train developers on secure coding practices and security best practices. Contribute to creating a security-conscious culture within the organization.
6. Staying Up-to-Date: Stay current with the latest security threats, trends, and countermeasures. Evaluate emerging threats and propose improvements to security measures.
7. Documentation And Reporting: Create and maintain documentation and metrics relating to application security. Prepare reports and dashboards to track security performance.

Core Expertise: Application security engineering, vulnerability management, security policy design, secure software development.

Languages & Frameworks: Knowledge of secure coding practices in major languages (e.g., Java, Python, .NET), familiarity with SDLC integration.

Security & Testing Tools: SAST/DAST tools, penetration testing, security incident monitoring, security automation tools.

Cloud & Containerization: Security practices for cloud deployments and containerized environments (preferred).

DevOps & CI/CD: Integration of security tools and processes in CI/CD pipelines.

Other Tools & Technologies: Threat modeling, risk management, reporting/dashboarding tools, code review automation.

Soft Skills: Effective communication, training and mentorship, risk assessment, proactive problem-solving, collaborative mindset.

The pay range for this position is $30.05/hour - $46.95/hour. Benefits include medical, dental, vision, and retirement plans. Applications are accepted ongoing. We are an equal opportunity employer and consider qualified applicants regardless of background or criminal records, in accordance with applicable laws.