AppSec & DevSecOps Engineer jobs in United States

Public Partnerships | PPL · 6 hours ago

AppSec & DevSecOps Engineer

Public Partnerships LLC is the nation’s largest Financial Management Service provider, supporting individuals with disabilities and aging adults to manage their long-term home care. They are seeking an experienced Application Security (AppSec) and DevSecOps Engineer to integrate security throughout the software development lifecycle and CI/CD pipelines, ensuring systems are secure and compliant with industry standards.

Bookkeeping and Payroll · Financial Services · Human Resources · Payments · Staffing Agency
H1B Sponsor Likely

Responsibilities

Integrate security at every phase of the software development lifecycle
Collaborate with engineering and product teams in Agile/Scrum environments to prioritize, track, and remediate security issues during sprint cycles
Develop and maintain threat models and perform design reviews
Lead threat modeling sessions and conduct in-depth security architecture reviews
Educate development teams on secure coding practices
Contribute to secure backlog grooming and definition of security-related user stories and acceptance criteria
Actively support the organization’s secure software development lifecycle (SDLC) initiatives by integrating security controls, processes, and testing into development workflows and CI/CD pipelines
Integrate security testing tools (SAST, DAST, SCA, IaC scanning) into CI/CD pipelines
Automate security checks to ensure continuous compliance and early detection
Ensure integration of security scanning outputs into ticketing systems and development workflows for traceable remediation
Secure containerized environments (Docker, Kubernetes)
Ensure cloud infrastructure security (AWS/GCP/Azure) using infrastructure-as-code (IaC) tools like Terraform or CloudFormation
Implement secrets management, identity and access control, and other cloud-native security features
Perform and manage vulnerability assessments, code reviews, and penetration testing
Lead application-level penetration testing efforts, both internally and with external vendors
Remediate findings by working closely with developers and product teams
Facilitate and track remediation activities as part of security sprints
Monitor and manage third-party/open-source dependencies for known vulnerabilities
Conduct security code reviews using both automated and manual analysis techniques

Qualification

Application Security, DevSecOps, CI/CD Security, Vulnerability Assessment, SAST Tools, DAST Tools, IaC Security, Cloud Security, Threat Modeling, Secure Coding, Python, Bash, Docker, Kubernetes, NIST Compliance, HIPAA Compliance, SOC 2 Compliance, OSCP Certification, CISSP Certification, CSSLP Certification, CEH Certification

Required

Hands-on experience with security tools: SAST (e.g., Checkmarx, SonarCloud, Veracode), DAST (e.g., OWASP ZAP, Burp), SCA (e.g., Snyk, WhiteSource), and IaC scanners (e.g., tfsec, Checkov)
Proficiency in CI/CD tools (Jenkins, GitLab CI/CD, GitHub Actions)
Experience with scripting and automation (Python, Bash, etc.)
Solid understanding of OWASP Top 10, secure coding, threat modeling, and secure design principles
Familiarity with containers and orchestration tools (Docker, Kubernetes)
Experience working in regulated environments and ensuring security of applications that handle ePHI or sensitive data
Working knowledge of NIST 800-53 (Rev. 5), including AC, AU, SC, and SI control families
Familiarity with NIST SSDF principles and their implementation across the SDLC
Bachelor's degree in Computer Science, Cybersecurity, or related field (or equivalent experience)
3–5+ years of experience in AppSec, DevSecOps, or related roles

Preferred

Healthcare industry experience preferred
Certifications: OSCP, CISSP, CSSLP, CEH, or similar
Experience with cloud-native security in Azure, AWS, and GCP
Hands-on experience with NIST, HIPAA, and SOC 2 application security compliance, including security assessments and control implementation
Experience leading penetration testing engagements and managing remediation in collaboration with development teams
Experience with bug bounty programs or working with security researchers
Experience implementing or supporting a security champions program is a plus

Benefits

401k Retirement Plan
Medical, Dental and Vision insurance on first day of employment
Generous Paid Time Off
Employee Assistance Program and more

Company

Public Partnerships | PPL

PPL is the leading service provider for self-directed care programs.

H1B Sponsorship

Public Partnerships | PPL has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data Powered by US Department of Labor)
[Chart: Distribution of Different Job Fields Receiving Sponsorship]
Trends of Total Sponsorships
2025 (4)
2024 (4)
2023 (8)
2022 (5)

Funding

Current Stage
Late Stage

Leadership Team

Deralie Mooney
Tax Manager, Public Partnerships, LLC
Mckenzie Crews
Public Partnership
Company data provided by crunchbase