Talener
- Engagement Type: Contract (3-month initial term)
- Compensation: Up to $100/hr. (depending on experience)
- Location: Hybrid (2x on-site) Mount Laurel, NJ
- Embedded Advisory & Threat Modeling: Serve as the primary security advisor for engineering squads, conducting secure design reviews and threat modeling prior to product releases.
- Vulnerability Testing & Triage: Perform manual penetration testing of web applications and APIs (via Burp Suite Pro), triage findings with developers, and drive remediation within SLA targets.
- Pipeline Automation (CI/CD): Integrate and optimize automated security scanning gates (SAST, DAST, SCA, and secrets detection) into active developer workflows without creating delivery bottlenecks.
- Runtime Protection: Define and tune WAF and RASP policies to block live threats while ensuring zero disruption to production deployment schedules.
- Posture & Configuration Management: Oversee CSPM, configuration hardening, and architectural validation across multi-cloud environments (AWS/Azure), including containerized workloads.
- Secure Access Modernization: Partner with network infrastructure teams to drive a major enterprise SASE/SSE modernization and secure-access migration initiative.
- Operations & Incident Response: Act as the escalation point for the 24/7 MSSP, maintain incident playbooks, lead root-cause investigations, and author executive post-mortems.
- Identity & Access Governance: Optimize enterprise identity controls using advanced cloud directory services, conditional access policies, and data loss prevention (DLP) tools.
- Third-Party Risk & Assessment: Lead third-party risk evaluations for emerging tech vendors (including VoiceAI/enterprise AI) and manage the end-to-end lifecycle of external penetration testing.
- Regulatory Alignment: Drive control-gap remediation and evidence collection to maintain alignment with NYDFS 23 NYCRR Part 500 and PCI DSS v4.0.
- Audit Readiness: Author clear, executive-grade compliance documentation suitable for regulatory bodies, internal leadership, and institutional due diligence.
- Industry Tenure: 12+ years of dedicated cybersecurity experience with proven, hands-on leadership spanning both AppSec and cloud infrastructure.
- Advanced Engineering: Deep technical mastery of web/API security testing, automated pipeline gating, and multi-cloud security engineering (AWS and Azure).
- Compliance & Audit Literacy: Direct audit experience with PCI DSS and at least one other major framework (NIST 800-53, ISO 27001, SOX, GLBA). Direct familiarity with NYDFS Part 500 is highly advantageous.
- Credentials: CISSP or an equivalent senior security certification is required. Offensive or AppSec-specific certifications (e.g., OSCP, GWAPT, GPEN) are highly preferred.
- Consultative Mindset: Exceptional self-direction with the executive presence required to brief leadership, interface with developers, and operate independently in a fast-moving environment.
- Prior experience in heavily regulated sectors (Financial Services, Insurance, or FinTech).
- Familiarity with enterprise security tooling (e.g., Snyk, Checkmarx, Veracode, Kubernetes, Docker).
- Background working within a premier cybersecurity consultancy or an MSSP environment.
- Experience supporting corporate security due diligence for M&A or private equity events.
- Exposure to AI governance frameworks and securing LLM cloud integrations.
{“@context”:”http://schema.org”,”@type”:”JobPosting”,”baseSalary”:null,”datePosted”:”2026-07-06″,”validThrough”:”2027-07-06″,”description”:”<div fr-original-style="" style="box-sizing: border-box; font-family: inherit; font-size: inherit;"><strong fr-original-style="" style="box-sizing: border-box; font-weight: bold; font-family: inherit; font-size: inherit;">Senior Application Security Engineer – Cloud Security</strong></div><div fr-original-style="" style="box-sizing: border-box; font-family: inherit; font-size: inherit;"><br fr-original-style="" style="box-sizing: border-box; font-family: inherit; font-size: inherit;"></div><div fr-original-style="" style="box-sizing: border-box; font-family: inherit; font-size: inherit;"><strong fr-original-style="" style="box-sizing: border-box; font-weight: bold; font-family: inherit; font-size: inherit;">Position Overview</strong></div><div fr-original-style="" style="box-sizing: border-box; font-family: inherit; font-size: inherit;">A highly regulated consumer services firm is seeking an experienced, hands-on Senior Application Security Consultant for an initial 3-month contract engagement with a strong likelihood of extension. Reporting directly to the CISO, you will step into a pivotal role managing end-to-end application and cloud security reviews for upcoming product deployments, driving critical third-party risk initiatives, and keeping the enterprise aligned with stringent financial and data privacy regulatory frameworks.</div><div fr-original-style="" style="box-sizing: border-box; font-family: inherit; font-size: inherit;"><br fr-original-style="" style="box-sizing: border-box; font-family: inherit; font-size: inherit;"></div><ul fr-original-style="" style="box-sizing: border-box; font-family: inherit; font-size: inherit; margin-top: 0px; margin-bottom: 10px;" type="disc"><li fr-original-style="font-family:serif;font-size:13px;" style="font-family: serif; font-size: 13px; box-sizing: border-box;">Engagement Type: Contract (3-month initial term)</li><li fr-original-style="font-family:serif;font-size:13px;" style="font-family: serif; font-size: 13px; box-sizing: border-box;">Compensation: Up to $100/hr. (depending on experience)</li><li fr-original-style="font-family:serif;font-size:13px;" style="font-family: serif; font-size: 13px; box-sizing: border-box;">Location: Hybrid (2x on-site) Mount Laurel, NJ</li></ul><div fr-original-style="" style="box-sizing: border-box; font-family: inherit; font-size: inherit;"><strong fr-original-style="" style="box-sizing: border-box; font-weight: bold; font-family: inherit; font-size: inherit;">Core Responsibilities</strong></div><div fr-original-style="" style="box-sizing: border-box; font-family: inherit; font-size: inherit;">Application Security & DevSecOps</div><ul fr-original-style="" style="box-sizing: border-box; font-family: inherit; font-size: inherit; margin-top: 0px; margin-bottom: 10px;" type="disc"><li fr-original-style="font-family:serif;font-size:13px;" style="font-family: serif; font-size: 13px; box-sizing: border-box;">Embedded Advisory & Threat Modeling: Serve as the primary security advisor for engineering squads, conducting secure design reviews and threat modeling prior to product releases.</li><li fr-original-style="font-family:serif;font-size:13px;" style="font-family: serif; font-size: 13px; box-sizing: border-box;">Vulnerability Testing & Triage: Perform manual penetration testing of web applications and APIs (via Burp Suite Pro), triage findings with developers, and drive remediation within SLA targets.</li><li fr-original-style="font-family:serif;font-size:13px;" style="font-family: serif; font-size: 13px; box-sizing: border-box;">Pipeline Automation (CI/CD): Integrate and optimize automated security scanning gates (SAST, DAST, SCA, and secrets detection) into active developer workflows without creating delivery bottlenecks.</li><li fr-original-style="font-family:serif;font-size:13px;" style="font-family: serif; font-size: 13px; box-sizing: border-box;">Runtime Protection: Define and tune WAF and RASP policies to block live threats while ensuring zero disruption to production deployment schedules.</li></ul><div fr-original-style="" style="box-sizing: border-box; font-family: inherit; font-size: inherit;"><strong fr-original-style="" style="box-sizing: border-box; font-weight: bold; font-family: inherit; font-size: inherit;">Cloud Security & Infrastructure Hardening</strong></div><ul fr-original-style="" style="box-sizing: border-box; font-family: inherit; font-size: inherit; margin-top: 0px; margin-bottom: 10px;" type="disc"><li fr-original-style="font-family:serif;font-size:13px;" style="font-family: serif; font-size: 13px; box-sizing: border-box;">Posture & Configuration Management: Oversee CSPM, configuration hardening, and architectural validation across multi-cloud environments (AWS/Azure), including containerized workloads.</li><li fr-original-style="font-family:serif;font-size:13px;" style="font-family: serif; font-size: 13px; box-sizing: border-box;">Secure Access Modernization: Partner with network infrastructure teams to drive a major enterprise SASE/SSE modernization and secure-access migration initiative.</li></ul><div fr-original-style="" style="box-sizing: border-box; font-family: inherit; font-size: inherit;"><strong fr-original-style="" style="box-sizing: border-box; font-weight: bold; font-family: inherit; font-size: inherit;">SecOps, Incident Response & Vendor Risk</strong></div><ul fr-original-style="" style="box-sizing: border-box; font-family: inherit; font-size: inherit; margin-top: 0px; margin-bottom: 10px;" type="disc"><li fr-original-style="font-family:serif;font-size:13px;" style="font-family: serif; font-size: 13px; box-sizing: border-box;">Operations & Incident Response: Act as the escalation point for the 24/7 MSSP, maintain incident playbooks, lead root-cause investigations, and author executive post-mortems.</li><li fr-original-style="font-family:serif;font-size:13px;" style="font-family: serif; font-size: 13px; box-sizing: border-box;">Identity & Access Governance: Optimize enterprise identity controls using advanced cloud directory services, conditional access policies, and data loss prevention (DLP) tools.</li><li fr-original-style="font-family:serif;font-size:13px;" style="font-family: serif; font-size: 13px; box-sizing: border-box;">Third-Party Risk & Assessment: Lead third-party risk evaluations for emerging tech vendors (including VoiceAI/enterprise AI) and manage the end-to-end lifecycle of external penetration testing.</li></ul><div fr-original-style="" style="box-sizing: border-box; font-family: inherit; font-size: inherit;"><strong fr-original-style="" style="box-sizing: border-box; font-weight: bold; font-family: inherit; font-size: inherit;">Compliance, Risk & Governance (GRC)</strong></div><ul fr-original-style="" style="box-sizing: border-box; font-family: inherit; font-size: inherit; margin-top: 0px; margin-bottom: 10px;" type="disc"><li fr-original-style="font-family:serif;font-size:13px;" style="font-family: serif; font-size: 13px; box-sizing: border-box;">Regulatory Alignment: Drive control-gap remediation and evidence collection to maintain alignment with NYDFS 23 NYCRR Part 500 and PCI DSS v4.0.</li><li fr-original-style="font-family:serif;font-size:13px;" style="font-family: serif; font-size: 13px; box-sizing: border-box;">Audit Readiness: Author clear, executive-grade compliance documentation suitable for regulatory bodies, internal leadership, and institutional due diligence.</li></ul><div fr-original-style="" style="box-sizing: border-box; font-family: inherit; font-size: inherit;"><strong fr-original-style="" style="box-sizing: border-box; font-weight: bold; font-family: inherit; font-size: inherit;">Candidate Qualifications</strong></div><div fr-original-style="" style="box-sizing: border-box; font-family: inherit; font-size: inherit;">Required Experience & Technical Skills</div><ul fr-original-style="" style="box-sizing: border-box; font-family: inherit; font-size: inherit; margin-top: 0px; margin-bottom: 10px;" type="disc"><li fr-original-style="font-family:serif;font-size:13px;" style="font-family: serif; font-size: 13px; box-sizing: border-box;">Industry Tenure: 12+ years of dedicated cybersecurity experience with proven, hands-on leadership spanning both AppSec and cloud infrastructure.</li><li fr-original-style="font-family:serif;font-size:13px;" style="font-family: serif; font-size: 13px; box-sizing: border-box;">Advanced Engineering: Deep technical mastery of web/API security testing, automated pipeline gating, and multi-cloud security engineering (AWS and Azure).</li><li fr-original-style="font-family:serif;font-size:13px;" style="font-family: serif; font-size: 13px; box-sizing: border-box;">Compliance & Audit Literacy: Direct audit experience with PCI DSS and at least one other major framework (NIST 800-53, ISO 27001, SOX, GLBA). Direct familiarity with NYDFS Part 500 is highly advantageous.</li><li fr-original-style="font-family:serif;font-size:13px;" style="font-family: serif; font-size: 13px; box-sizing: border-box;">Credentials: CISSP or an equivalent senior security certification is required. Offensive or AppSec-specific certifications (e.g., OSCP, GWAPT, GPEN) are highly preferred.</li><li fr-original-style="font-family:serif;font-size:13px;" style="font-family: serif; font-size: 13px; box-sizing: border-box;">Consultative Mindset: Exceptional self-direction with the executive presence required to brief leadership, interface with developers, and operate independently in a fast-moving environment.</li></ul><div fr-original-style="" style="box-sizing: border-box; font-family: inherit; font-size: inherit;"><strong fr-original-style="" style="box-sizing: border-box; font-weight: bold; font-family: inherit; font-size: inherit;">Preferred Attributes</strong></div><ul fr-original-style="" style="box-sizing: border-box; font-family: inherit; font-size: inherit; margin-top: 0px; margin-bottom: 10px;" type="disc"><li fr-original-style="font-family:serif;font-size:13px;" style="font-family: serif; font-size: 13px; box-sizing: border-box;">Prior experience in heavily regulated sectors (Financial Services, Insurance, or FinTech).</li><li fr-original-style="font-family:serif;font-size:13px;" style="font-family: serif; font-size: 13px; box-sizing: border-box;">Familiarity with enterprise security tooling (e.g., Snyk, Checkmarx, Veracode, Kubernetes, Docker).</li><li fr-original-style="font-family:serif;font-size:13px;" style="font-family: serif; font-size: 13px; box-sizing: border-box;">Background working within a premier cybersecurity consultancy or an MSSP environment.</li><li fr-original-style="font-family:serif;font-size:13px;" style="font-family: serif; font-size: 13px; box-sizing: border-box;">Experience supporting corporate security due diligence for M&A or private equity events.</li><li fr-original-style="font-family:serif;font-size:13px;" style="font-family: serif; font-size: 13px; box-sizing: border-box;">Exposure to AI governance frameworks and securing LLM cloud integrations.</li></ul><div fr-original-style="" style="box-sizing: border-box; font-family: inherit; font-size: inherit;">For more information and apply, contact Ethan Furphy <a fr-original-style="" href="mailto:efurphy@talener.com" style="box-sizing: border-box; user-select: auto; background: transparent; color: rgb(0, 67, 116); text-decoration: underline; font-family: inherit; font-size: inherit; outline: 0px; cursor: pointer;">efurphy@talener.com</a></div><div fr-original-style="" style="box-sizing: border-box; font-family: inherit; font-size: inherit;"><br fr-original-style="" style="box-sizing: border-box; font-family: inherit; font-size: inherit;"></div><div fr-original-style="" style="box-sizing: border-box; font-family: inherit; font-size: inherit;"> </div><div fr-original-style="" style="box-sizing: border-box; font-family: inherit; font-size: inherit;"><br fr-original-style="" style="box-sizing: border-box; font-family: inherit; font-size: inherit;"></div><div fr-original-style="" style="box-sizing: border-box; font-family: inherit; font-size: inherit;">#LI-Hybrid</div><div fr-original-style="" style="box-sizing: border-box; font-family: inherit; font-size: inherit;"> </div>”,”employmentType”:”CONTRACTOR”,”hiringOrganization”:{“@type”:”Organization”,”name”:”Talener”},”jobLocation”:{“@type”:”Place”,”address”:{“@type”:”PostalAddress”,”streetAddress”:null,”addressLocality”:”Naperville”,”addressRegion”:”IL”,”postalCode”:null,”addressCountry”:null}},”title”:”Senior Application Security Engineer – Cloud Security”,”url”:”https://talener.com/jobs/?cjobid=AD208104376&rpid=1660070&postid=KxSovvjc-JA”,”identifier”:{“@type”:”PropertyValue”,”name”:”Talener”,”value”:null}}