Contract Type: C2C
Posted: 1 week ago
Closed Date: 06/05/2025
Skills: DevOps/CI-CD
Visa Type: Any Visa

Title: Software Security Assurance Project Manager

Location: Remote (NYC)

MOI: Skype

35-hour work week

 

MANDATORY SKILLS/EXPERIENCE:

• At least 8 years of hands-on experience in application security, secure software development, or security consulting

• Experience conducting security reviews (code, design threat modeling, architecture) for modern applications (web, mobile, cloud-native)

• Strong knowledge of secure development practices, OWASP Top 10, and relevant standards

• Ability to communicate technical risks and recommendations clearly to technical and non-technical audiences

• Familiarity with tools used in code analysis, vulnerability scanning, and security testing

• Experience working cross-functionally with developers, engineers, and product teams

 

• Perform application security services including risk assessments, architecture reviews, and code review for internal and third-party applications

• Coordinate with developers, project teams, and third-party vendors to assess and guide secure software development and integration

• Provide consultative guidance during the design, development, and deployment phases of new solutions

• Review threat models, validate security controls, and ensure alignment with security policies

• Review and interpret security testing reports and vulnerability findings, and assist with risk remediation strategies

• Contribute improvements to existing AppSec processes, workflows, and documentation

• Participate in defining and expanding secure software development lifecycle practices across the organization

• Support the development and refinement of policy and governance documents related to software security

• Track and report on security metrics, status of findings, and overall risk trends

• Support management of tools, resources, and schedules for security testing

  

DESIRABLE SKILLS/EXPERIENCE:  

• Experience working within or alongside DevOps/CI-CD environments

• Familiarity with container security, API security, and cloud-native application architectures (AWS, Azure, GCP)

• Experience supporting security governance or policy development

• Experience with risk exception processes or helping define security risk tolerances

• Experience in large, complex organizations or government/public sector environments

• Experience with third-party risk assessments, vendor management, or SaaS reviews