JuniorApplication Security Specialist

Ampcus Inc. is a certified global provider of a broad range of Technology and Business consulting services. We are in search of a highly motivated candidate to join our talented Team.

Job Title: Junior Application Security Specialist

Location(s): Princeton, NJ

Hybrid:
One day at office

The Junior Application Security Specialist will support the design, implementation, and continuous improvement of our Application Security and Dev Sec Ops  practices. This role works closely with Dev Ops, engineering, and IT stakeholders to embed security into every stage of the software development lifecycle, leveraging modern automation, secure coding standards, and industry frameworks such as the OWASP Top 10 and OWASP ASVS.

The ideal candidate is a hands-on technologist with strong analytical skills, excellent communication abilities, and a strong ethical compass.

• Application Security & Dev Sec Ops :
  Support the adoption of Application Security and Dev Sec Ops  automation, helping to drive consistent security practices across development teams.
• Assist in developing and promoting best practices for Dev Sec Ops  and secure CI/CD, ensuring security controls are integrated into pipelines and development workflows.
• Help stay current on emerging security tools, techniques, and processes, and contribute ideas to drive innovation and process maturity in the application security program.

• Work with Dev Ops teams and managers to train and educate product and engineering teams on information security concepts and standards (e.g., OWASP ASVS, OWASP Top 10).
• Help create and maintain training materials, documentation, and guidance to support secure development practices.

• Participate in threat modeling and design reviews to assess security implications of new features, architectures, and code deployments.
• Assist in identifying potential threats, attack vectors, and abuse cases, and in documenting recommended mitigations.

• Use and help operate code scanning tools and technologies such as SAST, SCA, IaC scanning, secrets scanning, and DAST as part of the secure SDLC.
• Triage SAST/SCA findings by:
  • Validating vulnerabilities in code (primarily Python and JavaScript).
  • Mapping issues to relevant items in the OWASP Top 10.
  • Providing clear, actionable mitigation guidance to engineering teams and developers.
• Collaborate with teams to track, measure, and communicate the quality and effectiveness of risk management processes and controls applicable to IT and application security.

• Apply a working understanding of how code is deployed into cloud environments such as AWS and Azure.
• Support reviews of Infrastructure as Code (IaC) (e.g., Terraform) for security misconfigurations and compliance with internal standards and best practices.

• Use Python scripting to automate repetitive tasks, integrate security tools, and support Dev Sec Ops  workflows.
• Work with Dev Ops tooling such as Docker, Terraform, and Git-based platforms (Git Lab / Git Hub) to ensure security is integrated into build, deployment, and runtime environments.

• Maintain a good understanding of current and emerging cybersecurity and privacy regulations and practices, and how leading enterprises are employing them.
• Support efforts to explain regulatory and policy requirements to IT and engineering stakeholders in clear, practical terms.
• Assist in tracking and communicating key metrics that reflect the effectiveness of risk management processes, controls, and security initiatives.

• Deliver or support presentations to IT and business representatives on security technologies, Dev Sec Ops  practices, and industry trends.
• Communicate clearly and professionally with diverse stakeholders, helping balance security, business, and delivery priorities.
• Help build consensus across teams, supporting decision-making for security initiatives and gaining buy-in from relevant stakeholders.

• Bachelor's degree in Computer Science, Information Security, Engineering, or a related field, or equivalent practical experience.
• Hands-on exposure (academic, project, or professional) to:
• Application security concepts and secure coding practices.
• Code scanning tools and techniques such as SAST, SCA, IaC scanning, secrets scanning, and DAST.
• Practical experience (coursework, labs, or professional) with at least some of:
• Python for scripting and automation.
• Dev Ops tooling such as Docker, Terraform, Git Lab and/or Git Hub.
• Deploying or working with applications in cloud environments (AWS, Azure, etc.).

• Technical Skills
  • Good understanding of:
    Secure software development lifecycle (SSDLC) concepts.
  • Modern CI/CD pipelines and Dev Sec Ops …