Job Specifications
Role: Junior Application Security Specialist
Location: Princeton, NJ (Hybrid - 1 day per week in the office)
Position type: Contract
JOB DESCRIPTION
The Junior Application Security Specialist will support the design, implementation, and continuous improvement of our Application Security and DevSecOps practices.
This role works closely with DevOps, engineering, and IT stakeholders to embed security into every stage of the software development lifecycle, leveraging modern automation, secure coding standards, and industry frameworks such as the OWASP Top 10 and OWASP ASVS. The ideal candidate is a hands-on technologist with strong analytical skills, excellent communication abilities, and a strong ethical compass.
Key Responsibilities
Application Security & DevSecOps
Support the adoption of Application Security and DevSecOps automation, helping to drive consistent security practices across development teams.
Assist in developing and promoting best practices for DevSecOps and secure CI/CD, ensuring security controls are integrated into pipelines and development workflows.
Help stay current on emerging security tools, techniques, and processes, and contribute ideas to drive innovation and process maturity in the application security program.
Developer Enablement & Training
Work with DevOps teams and managers to train and educate product and engineering teams on information security concepts and standards (e.g., OWASP ASVS, OWASP Top 10).
Help create and maintain training materials, documentation, and guidance to support secure development practices.
Secure Design, Threat Modeling & Reviews
Participate in threat modeling and design reviews to assess security implications of new features, architectures, and code deployments.
Assist in identifying potential threats, attack vectors, and abuse cases, and in documenting recommended mitigations.
Vulnerability Management & Code Analysis
Use and help operate code scanning tools and technologies such as SAST, SCA, IaC scanning, secrets scanning, and DAST as part of the secure SDLC.
Triage SAST/SCA findings by:
Validating vulnerabilities in code (primarily Python and JavaScript).
Mapping issues to relevant items in the OWASP Top 10.
Providing clear, actionable mitigation guidance to engineering teams and developers.
Collaborate with teams to track, measure, and communicate the quality and effectiveness of risk management processes and controls applicable to IT and application security.
Cloud & Infrastructure as Code
Apply a working understanding of how code is deployed into cloud environments such as AWS and Azure.
Support reviews of Infrastructure as Code (IaC) (e.g., Terraform) for security misconfigurations and compliance with internal standards and best practices.
Automation & Tooling
Use Python scripting to automate repetitive tasks, integrate security tools, and support DevSecOps workflows.
Work with DevOps tooling such as Docker, Terraform, and Git-based platforms (GitLab / GitHub) to ensure security is integrated into build, deployment, and runtime environments.
Governance, Risk, and Compliance
Maintain a good understanding of current and emerging cybersecurity and privacy regulations and practices, and how leading enterprises are employing them.
Support efforts to explain regulatory and policy requirements to IT and engineering stakeholders in clear, practical terms.
Assist in tracking and communicating key metrics that reflect the effectiveness of risk management processes, controls, and security initiatives.
Communication & Stakeholder Management
Deliver or support presentations to IT and business representatives on security technologies, DevSecOps practices, and industry trends.
Communicate clearly and professionally with diverse stakeholders, helping balance security, business, and delivery priorities.
Help build consensus across teams, supporting decision-making for security initiatives and gaining buy-in from relevant stakeholders.
Required Qualifications & Experience
Bachelor’s degree in Computer Science, Information Security, Engineering, or a related field, or equivalent practical experience.
Hands-on exposure (academic, project, or professional) to:
Application security concepts and secure coding practices.
Code scanning tools and techniques such as SAST, SCA, IaC scanning, secrets scanning, and DAST.
Practical experience (coursework, labs, or professional) with at least some of:
Python for scripting and automation.
DevOps tooling such as Docker, Terraform, GitLab and/or GitHub.
Deploying or working with applications in cloud environments (AWS, Azure, etc.).
Familiarity with OWASP ASVS and the OWASP Top 10 and how these apply to real-world web or API applications.
Skills & Competencies
Technical Skills
Good understanding of:
Secure software development lifecycle (SSDLC) concepts.
Modern CI/CD pipelines and DevSecOps practices.
Application security testing approaches (static, dynamic, dependency, and IaC scanning).
Strong knowle
About the Company
Net2Source (N2S) is a global workforce solutions company recognized by SIA as the largest and fastest-growing Total Talent Solutions provider, with a presence in 32 countries and in-house Glo-Cal (global and local) teams to support our clients.
We carve out custom talent solutions, keeping People, Process, and Technology as the pillars of making the process simple, robust, and efficient. With over 3,500+ contractors working worldwide, we specialize in Contingent Staffing, RPO, Direct Sourcing, Payroll Solutions (EOR/AOR), ...