Senior Application Security Engineer

I’m a Sr. Recruiter with Robert Half Technology. I have been filling IT/Technology roles across the US for the last 18 years. I’m reaching out to you as I have an Application Security Engineer role open. I thought it might be a good fit. If interested please send me your resume in word format and provide the following:Desired hourly rate (W2, 1099, or C2C):Work Status in US:Current location:Role: Application Security EngineerDuration: 6 months Possible Contract-to-Hire (No sponsorship)Location: Carrollton, TX (NW Dallas). On-Site roleOverviewThe Application Security Engineer champions the integration of security at every stage of the SDLC, partnering with IT and development teams to implement threat modeling, security reviews, and automated assessments that strengthen and evolve the organization's application security posture.Experience building AppSec Engineering | DevSecOps programs from scratch.Ability to work through the politics of building something new and ruffling feathers while building relationshipsProvide training and coordinating with app dev team to create secure code practices1. Azure DevOps2. Aws DevOps3. GithubResponsibilities• Oversee and support the execution of the Application Security program, providing security governance and guidance across engineering teams.• Drive the implementation and usage of application security tooling (e.g., SAST, DAST, SCA, fuzz testing) while maintaining flexibility across technologies.• Collaborate with stakeholders to define security metrics and reporting mechanisms that inform leadership and guide remediation priorities.• Mentor developers and serve as the voice of application security—translating risks into actionable strategies for both technical and non-technical stakeholders.• Ensure that vulnerabilities are remediated before code moves to production and provide guidance on the remediation process for application/API security vulnerabilities.• Tracking and managing vulnerabilities while working with developers to empower them with secure coding practices.• Coordinate with Application Development and Security teams to foster collaboration and ensure that security is embedded throughout the development lifecycle.• Utilize automation to Incorporate security measures into the DevOps pipeline to protect applications and APIs.• Evaluate third-party services for potential weaknesses in their security posture. Qualifications • 5+ Years’ experience in Application Security with demonstrated success securing web, mobile, or cloud apps in production, with hands-on SAST/DAST/SCA experience.• Proven ability to assess existing security designs and strategically mature them over time, moving beyond basic implementations to robust, resilient systems• Deep knowledge of application layer attacks and defense mechanisms (CCS, CSRF, SQLi, XXE, SSRF, broken access control etc.).• Strong knowledge of common web, API and cloud vulnerabilities (e.g. OWASP Top 10, CWE, auth flaws etc.)• Deep knowledge of vulnerabilities, reachability, exploitability and how they affect applications• Skills in code scanning methods including Static Application Security Testing (SAST), Software Composition Analysis (SCA), Infrastructure as Code (IaC) Security, API Security, and Dynamic Application Security Testing (DAST)• Knowledge of cryptography (symmetric, asymmetric, hashing) and its various applications• Experience with custom scripting (python, C++, PowerShell, bash, etc.) and process automation• Strong knowledge of common enterprise infrastructure technology stacks and network configurations• Knowledge of shift-left strategies and embedding controls early in the development lifecycle• Knowledge of automated code scanning tools and development pipeline tools• Ability to balance security requirements with business needs