Application Security Engineer & Architect

<p style="text-align:left"><u><b>Job Description</b></u></p><p><span class="emphasis-3"><b>About the Role:</b></span><span> </span>Fragomen, an Am Law 100 Firm and the leading global immigration services provider, is seeking an Application Security Engineer &amp; Architect.&nbsp;This Engineer will join our talent Cyber Security team, which plays a pivotal role in Fragomen's Immigration Technology Innovation Lab. Our industry-leading, immigration-specific applications and technology is undergoing tremendous transformation and security is on the critical path to success in that endeavor. This is an excellent opportunity for a cyber security professional who is passionate about security, capable of effecting change, and ready to take on new challenges.</p><p></p><p><span class="emphasis-3"><b>How will you make a difference as an Application Security Engineer &amp; Architect</b></span><span class="emphasis-3"><b> at Fragomen?</b></span><b><b>&nbsp;</b></b></p><ul><li>Evaluate, propose, and test security verification tools to integrate into development pipelines (e.g., SAST, DAST, SCA, and code scanning tools for secrets and API keys).</li><li>Lead web application reconnaissance efforts, including understanding underlying technology stacks, risk posture, data handling, <span style="overflow-wrap: break-word; display: inline; text-decoration: inherit; hyphens: auto;">authentication/authorization,</span> and proprietary controls.</li><li>Manage SDLC initiatives around Fragomen’s DAST processes, including Invicti integration, discovery scanning, triaging results, and risk reporting.</li><li>Conduct application security penetration testing engagements, manually assessing risk surfaces of both existing and emerging web applications; document findings and assist with remediation advice.</li><li>Perform architectural reviews of applications to ensure secure design and implementation.</li><li>Secure source code through in-depth analysis (.NET, Python, Java, etc.), assisting with SAST/SCA triage, reporting, and addressing development team remediation queries.</li><li>Collaborate with 3rd party security firms by providing credentials, demos, and evaluating the accuracy and proficiency of penetration testing reports.</li><li>Act as the proactive security liaison between AppSec and key stakeholders (Software Development, DevOps, Compliance teams), including potential external customer-facing communications.</li><li>Automate security workflows and integrate security checks into build and release pipelines, optimizing security testing based on policy, code changes, and risk.</li><li>Design and recommend gating strategies to enforce security controls at appropriate SDLC stages.</li><li>Operate and maintain security tools while participating in tasks across other IT Security domains (threat detection, security engineering, architecture, incident response).</li><li>Stay ahead of the dynamic security landscape by securing and architecting protections for emerging technologies, including AI, tooling, and frameworks, aligned with business needs.</li></ul><p></p><p><span class="emphasis-3"><b>Leverage your valuable skills and experience to make an impact at Fragomen:</b></span></p><ul><li>3+ years of experience in web application development and cybersecurity.</li><li>Strong scripting and coding skills with frameworks such as .NET, Python, Bash, PowerShell.</li><li>Experience with CICD tools (e.g., Jenkins, GitLab, Bamboo, Octopus, Proget).</li><li>Knowledge of SDLC best practices.</li><li>Familiarity with cloud-native security tools and Kubernetes is a plus.</li><li>Strong communication skills, capable of maintaining professionalism under pressure.</li><li>Relevant certifications such as GWEB, OSCP preferred.</li><li>BA degree in related field or equivalent experience.</li></ul><p></p><p><span class="emphasis-3"><b>Benefits:</b></span></p><p>At Fragomen, we know that great people make a great organization. We value our people and offer employees a broad range of benefits which includes:</p><ul><li>22 PTO days + Federal holidays</li><li>Medical, Dental, and Vision plans + FSA &amp; HSA Plans</li><li>401K plan</li></ul><p></p><p><span class="emphasis-3"><b>Learn More About Fragomen:</b></span><span> </span></p><p>Please take time to read <i>About Us</i>, explore the <i>Meaningful and Impactful Work</i> we do for our clients, and review the standard<i> Benefits</i> we offer. You can find all the material to the right of this page.</p><p></p><p><i><span>All offers and/or employment contracts are contingent upon the successful completion of the Firm’s pre-employment screening process. This process may include verifying the candidate’s identity, confirming legal authorization to work in the offered position's location, and conducting a comprehensive background check, where permitted by local regulations.</span></i></p>