Public Partnerships | PPL · 3 hours ago
AppSec & DevSecOps Engineer
Public Partnerships LLC supports individuals with disabilities and aging adults to remain in their homes and communities. They are seeking an experienced Application Security and DevSecOps Engineer to embed security throughout the software development lifecycle and CI/CD pipelines, ensuring systems are secure by design and compliant with industry standards.
Responsibilities
Secure SDLC Integration:
Integrate security at every phase of the software development lifecycle
Collaborate with engineering and product teams in Agile/Scrum environments to prioritize, track, and remediate security issues during sprint cycles
Develop and maintain threat models and perform design reviews
Lead threat modeling sessions and conduct in-depth security architecture reviews
Educate development teams on secure coding practices
Contribute to secure backlog grooming and definition of security-related user stories and acceptance criteria
Actively support the organization’s secure software development lifecycle (SDLC) initiatives by integrating security controls, processes, and testing into development workflows and CI/CD pipelines
CI/CD Pipeline Security:
Integrate security testing tools (SAST, DAST, SCA, IaC scanning) into CI/CD pipelines
Automate security checks to ensure continuous compliance and early detection
Ensure integration of security scanning outputs into ticketing systems and development workflows for traceable remediation
Application Security:
Perform and manage vulnerability assessments, code reviews, and penetration testing
Lead application-level penetration testing efforts, both internally and with external vendors
Remediate findings by working closely with developers and product teams
Facilitate and track remediation activities as part of security sprints
Monitor and manage third-party/open-source dependencies for known vulnerabilities
Conduct security code reviews using both automated and manual analysis techniques
Infrastructure & DevSecOps:
Secure containerized environments (Docker, Kubernetes)
Ensure cloud infrastructure security (AWS/GCP/Azure) using infrastructure-as-code (IaC) tools like Terraform or CloudFormation
Implement secrets management, identity and access control, and other cloud-native security features
Governance & Compliance:
Contribute to security policies, standards, and compliance efforts (e.g., ISO 27001, SOC 2, NIST 800-53, GDPR)
Ensure application security controls comply with HIPAA Security Rule safeguards (e.g., access control, audit logging, encryption)
Support documentation and evidence collection for SOC 2 Type II audits and HIPAA security risk assessments
Map security activities and controls to NIST 800-53 and NIST SSDF frameworks
Support audit activities and create documentation for security controls
Qualifications
Required
Bachelor's degree in Computer Science, Cybersecurity, or related field (or equivalent experience)
3–5+ years of experience in AppSec, DevSecOps, or related roles
Hands-on experience with security tools: SAST (e.g., Checkmarx, SonarCloud, Veracode), DAST (e.g., OWASP ZAP, Burp), SCA (e.g., Snyk, WhiteSource), and IaC scanners (e.g., tfsec, Checkov)
Proficiency in CI/CD tools (Jenkins, GitLab CI/CD, GitHub Actions)
Experience with scripting and automation (Python, Bash, etc.)
Solid understanding of OWASP Top 10, secure coding, threat modeling, and secure design principles
Familiarity with containers and orchestration tools (Docker, Kubernetes)
Experience working in regulated environments and ensuring security of applications that handle ePHI or sensitive data
Working knowledge of NIST 800-53 (Rev. 5), including AC, AU, SC, and SI control families
Familiarity with NIST SSDF principles and their implementation across the SDLC
Preferred
Certifications: OSCP, CISSP, CSSLP, CEH, or similar
Experience with cloud-native security in Azure, AWS, and GCP
Hands-on experience with NIST, HIPAA, and SOC 2 application security compliance, including security assessments and control implementation
Experience leading penetration testing engagements and managing remediation in collaboration with development teams
Experience with bug bounty programs or working with security researchers
Experience implementing or supporting a security champions program is a plus
Company
Public Partnerships | PPL
PPL is the leading service provider for self-directed care programs.
H1B Sponsorship
Public Partnerships | PPL has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is provided below for reference. (Data powered by the US Department of Labor)
[Chart: Distribution of Different Job Fields Receiving Sponsorship; highlighted entries represent job fields similar to this job]
Trends of Total Sponsorships
2025 (4)
2024 (4)
2023 (8)
2022 (5)
Funding
Current Stage
Late Stage
Company data provided by Crunchbase