JuniorApplication Security Specialist

Ampcus Inc. is a certified global provider of a broad range of Technology and Business consulting services. We are in search of a highly motivated candidate to join our talented Team.

Job Title: Junior Application Security Specialist

Location(s): Princeton, NJ
(Hybrid: One day at office)

Role Summary
The Junior Application Security Specialist will support the design, implementation, and continuous improvement of our Application Security and DevSecOps practices. This role works closely with DevOps, engineering, and IT stakeholders to embed security into every stage of the software development lifecycle, leveraging modern automation, secure coding standards, and industry frameworks such as the OWASP Top 10 and OWASP ASVS. The ideal candidate is a hands-on technologist with strong analytical skills, excellent communication abilities, and a strong ethical compass.

• Support the adoption of Application Security and DevSecOps automation, helping to drive consistent security practices across development teams.
• Assist in developing and promoting best practices for DevSecOps and secure CI/CD, ensuring security controls are integrated into pipelines and development workflows.
• Help stay current on emerging security tools, techniques, and processes, and contribute ideas to drive innovation and process maturity in the application security program.

• Work with DevOps teams and managers to train and educate product and engineering teams on information security concepts and standards (e.g., OWASP ASVS, OWASP Top 10).
• Help create and maintain training materials, documentation, and guidance to support secure development practices.

• Participate in threat modeling and design reviews to assess security implications of new features, architectures, and code deployments.
• Assist in identifying potential threats, attack vectors, and abuse cases, and in documenting recommended mitigations.

• Use and help operate code scanning tools and technologies such as SAST, SCA, IaC scanning, secrets scanning, and DAST as part of the secure SDLC.
• Triage SAST/SCA findings by:
  • Validating vulnerabilities in code (primarily Python and JavaScript).
  • Mapping issues to relevant items in the OWASP Top 10.
  • Providing clear, actionable mitigation guidance to engineering teams and developers.
• Collaborate with teams to track, measure, and communicate the quality and effectiveness of risk management processes and controls applicable to IT and application security.

• Apply a working understanding of how code is deployed into cloud environments such as AWS and Azure.
• Support reviews of Infrastructure as Code (IaC) (e.g., Terraform) for security misconfigurations and compliance with internal standards and best practices.

• Use Python scripting to automate repetitive tasks, integrate security tools, and support DevSecOps workflows.
• Work with DevOps tooling such as Docker, Terraform, and Git-based platforms (GitLab / GitHub) to ensure security is integrated into build, deployment, and runtime environments.

• Maintain a good understanding of current and emerging cybersecurity and privacy regulations and practices, and how leading enterprises are employing them.
• Support efforts to explain regulatory and policy requirements to IT and engineering stakeholders in clear, practical terms.
• Assist in tracking and communicating key metrics that reflect the effectiveness of risk management processes, controls, and security initiatives.

• Deliver or support presentations to IT and business representatives on security technologies, DevSecOps practices, and industry trends.
• Communicate clearly and professionally with diverse stakeholders, helping balance security, business, and delivery priorities.
• Help build consensus across teams, supporting decision-making for security initiatives and gaining buy-in from relevant stakeholders.

• Bachelor's degree in Computer Science, Information Security, Engineering, or a related field, or equivalent practical experience.
• Hands-on exposure (academic, project, or professional) to:
  • Application security concepts and secure coding practices.
  • Code scanning tools and techniques such as SAST, SCA, IaC scanning, secrets scanning, and DAST.
• Practical experience (coursework, labs, or professional) with at least some of:
  • Python for scripting and automation.
  • DevOps tooling such as Docker, Terraform, GitLab and/or GitHub.
  • Deploying or working with applications in cloud environments (AWS, Azure, etc.).
• Familiarity with OWASP ASVS and the OWASP Top 10 and how these apply to real-world web or API applications.

• Good understanding of:
  • Secure software development lifecycle (SSDLC) concepts.
  • Modern CI/CD pipelines and DevSecOps practices.
  • Application security testing approaches (static, dynamic, dependency, and IaC scanning).
• Strong knowledge of Office productivity tools, mobile apps, and common IT capabilities expected in a modern IT environment.
• Strong analytical and technical skills, including the ability to understand complex systems, analyze vulnerabilities, and propose practical solutions.

• Excellent verbal and written communication skills, including the ability to:
  • Explain technical and regulatory concepts to non-security stakeholders.
  • Prepare clear documentation, reports, and presentations.
• Strong soft and interpersonal skills, including:
  • Teamwork and collaboration.
  • Facilitation and negotiation to reconcile different interests within the organization.
• Demonstrated planning and organizational skills, with the ability to prioritize tasks and handle multiple workstreams.
• Strong business acumen, including an interest in learning the specific industry/domain and how security supports business objectives.
• Ability to build consensus and support decisions that balance risk, cost, and business value.
• Strong leadership potential and influence skills appropriate to a junior role-showing initiative, ownership, and the ability to positively influence peers.
• Strong sense of ethics, integrity, and personal accountability, with a willingness to "go the extra mile" to achieve important security and business goals.

• Industry certifications or progress toward certifications (e.g., Security+, SSCP, CCSK, or entry-level cloud or DevOps certifications).
• Experience participating in security communities, CTFs, open-source projects, or internal security initiatives.
• Exposure to risk frameworks, security maturity models, or formal governance processes (e.g., OpenSAMM, NIST CSF, ISO 27001).

Ampcus is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veterans or individuals with disabilities.