Cyber Security Engineer

Job Description

Job Description

Cyber Security Engineer IV (Application Security)

Locations: Charlotte, NC or Detroit, MI (Hybrid – 3 days onsite)

Rate: $50–$55/hr on W-2

No C2C | Candidates must be authorized to work in the U.S. without sponsorship

Contract Role

Position Overview

We are seeking an experienced Cyber Security Engineer IV (Application Security)to help strengthen enterprise security across web, mobile, and service-based applications. This role will act as a subject matter expert responsible for identifying security vulnerabilities, performing penetration testing, and working closely with development and DevSecOps teams to integrate security best practices throughout the software development lifecycle (SDLC).

The ideal candidate brings strong expertise in application security testing, vulnerability assessment, secure code review, and threat modeling , along with the ability to communicate risks and remediation strategies to both technical and non-technical stakeholders.

Key Responsibilities

• Perform manual penetration testing against web applications, APIs/web services, and mobile applications.
• Identify, analyze, and triage vulnerabilities while providing clear remediation recommendations.
• Conduct secure code reviews to identify potential security flaws.
• Review SAST, DAST, and IAST scan outputs and assist development teams with remediation efforts.
• Collaborate with development, DevSecOps, and security teams to integrate security practices into the SDLC.
• Participate in threat modeling exercises and security architecture discussions.
• Demonstrate practical exploitation of security vulnerabilities in controlled environments.
• Develop and enhance automation processes for application security reporting and metrics.
• Design and implement security tools and services to improve testing, monitoring, and governance.
• Create scripts and tools to support vulnerability testing and analysis.
• Communicate risks, vulnerabilities, and mitigation strategies clearly to developers, application owners, and stakeholders.
• Mentor junior security team members and contribute to secure development training initiatives.

Required Qualifications

• 3–5 years of experience performing manual penetration testing on web and mobile applications.
• Experience performing vulnerability triage and remediation guidance .
• Strong experience with secure code review practices .
• Solid understanding of application, network, infrastructure, and data security architecture .
• Knowledge of web application frameworks, deployment technologies, and security testing tools .
• Experience working in cloud environments such as AWS, Azure, or Google Cloud .
• Strong analytical and troubleshooting skills with excellent attention to detail.
• Ability to manage multiple projects and priorities in a fast-paced environment.
• Excellent written and verbal communication skills, including the ability to produce detailed security reports.

Preferred Qualifications

• Experience with GitLab Ultimate CI/CD and shift-left security tools .
• Experience creating security scripts using Python, JavaScript, PowerShell, Shell, Ruby, PHP, or Lua .
• Security certifications such as OSCP, GPEN, CISSP, GWAPT, CEH , or similar.
• Experience delivering secure development training .
• Bachelor's degree in Computer Science, Information Technology, Cyber Security , or equivalent experience.

Key Skills

• Application Security Testing
• Penetration Testing (Web, API, Mobile)
• Secure Code Review
• Vulnerability Assessment & Triage
• Threat Modeling
• DevSecOps Integration
• Cloud Security (AWS, Azure, GCP)
• Security Automation & Scripting

What We’re Looking For

• A proactive security professional with a curious mindset and strong investigative skills
• Someone comfortable challenging assumptions to achieve the best security outcomes
• Strong collaborator who can work effectively across engineering, security, and leadership teams
• Self-starter capable of working independently while contributing to a collaborative team environment