About the role
Job Description About the Role: Fragomen, an Am Law 100 Firm and the leading global immigration services provider, is seeking an Application Security Engineer & Architect. This Engineer will join our talent Cyber Security team, which plays a pivotal role in Fragomen's Immigration Technology Innovation Lab. Our industry-leading, immigration-specific applications and technology is undergoing tremendous transformation and security is on the critical path to success in that endeavor. This is an excellent opportunity for a cyber security professional who is passionate about security, capable of effecting change, and ready to take on new challenges.
How will you make a difference as an Application Security Engineer & Architect at Fragomen?
- Evaluate, propose, and test security verification tools to integrate into development pipelines (e.g., SAST, DAST, SCA, and code scanning tools for secrets and API keys).
- Lead web application reconnaissance efforts, including understanding underlying technology stacks, risk posture, data handling, authentication/authorization, and proprietary controls.
- Manage SDLC initiatives around Fragomen’s DAST processes, including Invicti integration, discovery scanning, triaging results, and risk reporting.
- Conduct application security penetration testing engagements, manually assessing risk surfaces of both existing and emerging web applications; document findings and assist with remediation advice.
- Perform architectural reviews of applications to ensure secure design and implementation.
- Secure source code through in-depth analysis (.NET, Python, Java, etc.), assisting with SAST/SCA triage, reporting, and addressing development team remediation queries.
- Collaborate with 3rd party security firms by providing credentials, demos, and evaluating the accuracy and proficiency of penetration testing reports.
- Act as the proactive security liaison between AppSec and key stakeholders (Software Development, DevOps, Compliance teams), including potential external customer-facing communications.
- Automate security workflows and integrate security checks into build and release pipelines, optimizing security testing based on policy, code changes, and risk.
- Design and recommend gating strategies to enforce security controls at appropriate SDLC stages.
- Operate and maintain security tools while participating in tasks across other IT Security domains (threat detection, security engineering, architecture, incident response).
- Stay ahead of the dynamic security landscape by securing and architecting protections for emerging technologies, including AI, tooling, and frameworks, aligned with business needs.
Leverage your valuable skills and experience to make an impact at Fragomen:
- 3+ years of experience in web application development and cybersecurity.
- Strong scripting and coding skills with frameworks such as .NET, Python, Bash, PowerShell.
- Experience with CICD tools (e.g., Jenkins, GitLab, Bamboo, Octopus, Proget).
- Knowledge of SDLC best practices.
- Familiarity with cloud-native security tools and Kubernetes is a plus.
- Strong communication skills, capable of maintaining professionalism under pressure.
- Relevant certifications such as GWEB, OSCP preferred.
- BA degree in related field or equivalent experience.
All offers and/or employment contracts are contingent upon the successful completion of the Firm’s pre-employment screening process. This process may include verifying the candidate’s identity, confirming legal authorization to work in the offered position's location, and conducting a comprehensive background check, where permitted by local regulations.
About Fragomen
Fragomen is a leading firm dedicated to immigration services worldwide. The firm has over 5,500 immigration professionals and support staff in more than 60 offices across the Americas, EMEA and Asia Pacific. A member of the Am Law 100 and Am Law Global 100, Fragomen offers immigration support in more than 170 countries. Fragomen’s professionals are respected leaders in the immigration field, and the firm is regularly recognized as a leading employer of minority and female attorneys.
The firm supports all aspects of global immigration for corporate, academic, nonprofit, and individual clients, including strategic planning, quality management, reporting, case management and processing, compliance program counseling, representation in government investigations, government relations, complex matter solutions, and litigation.
Fragomen is a long-time leader in the immigration technology space and continues to lead the way in the digitization of the immigration journey. It has created Fragomen Technologies Inc., a Fragomen subsidiary focused on the nexus of law and technology to further enhance its technology offering.
These capabilities allow Fragomen to work in partnership with individuals and corporate clients across all industries to plan talent strategy, facilitate the transfer of employees worldwide, and navigate complex challenges. For detailed information about Fragomen, visit www.fragomen.com
About the role
Job Description About the Role: Fragomen, an Am Law 100 Firm and the leading global immigration services provider, is seeking an Application Security Engineer & Architect. This Engineer will join our talent Cyber Security team, which plays a pivotal role in Fragomen's Immigration Technology Innovation Lab. Our industry-leading, immigration-specific applications and technology is undergoing tremendous transformation and security is on the critical path to success in that endeavor. This is an excellent opportunity for a cyber security professional who is passionate about security, capable of effecting change, and ready to take on new challenges.
How will you make a difference as an Application Security Engineer & Architect at Fragomen?
- Evaluate, propose, and test security verification tools to integrate into development pipelines (e.g., SAST, DAST, SCA, and code scanning tools for secrets and API keys).
- Lead web application reconnaissance efforts, including understanding underlying technology stacks, risk posture, data handling, authentication/authorization, and proprietary controls.
- Manage SDLC initiatives around Fragomen’s DAST processes, including Invicti integration, discovery scanning, triaging results, and risk reporting.
- Conduct application security penetration testing engagements, manually assessing risk surfaces of both existing and emerging web applications; document findings and assist with remediation advice.
- Perform architectural reviews of applications to ensure secure design and implementation.
- Secure source code through in-depth analysis (.NET, Python, Java, etc.), assisting with SAST/SCA triage, reporting, and addressing development team remediation queries.
- Collaborate with 3rd party security firms by providing credentials, demos, and evaluating the accuracy and proficiency of penetration testing reports.
- Act as the proactive security liaison between AppSec and key stakeholders (Software Development, DevOps, Compliance teams), including potential external customer-facing communications.
- Automate security workflows and integrate security checks into build and release pipelines, optimizing security testing based on policy, code changes, and risk.
- Design and recommend gating strategies to enforce security controls at appropriate SDLC stages.
- Operate and maintain security tools while participating in tasks across other IT Security domains (threat detection, security engineering, architecture, incident response).
- Stay ahead of the dynamic security landscape by securing and architecting protections for emerging technologies, including AI, tooling, and frameworks, aligned with business needs.
Leverage your valuable skills and experience to make an impact at Fragomen:
- 3+ years of experience in web application development and cybersecurity.
- Strong scripting and coding skills with frameworks such as .NET, Python, Bash, PowerShell.
- Experience with CICD tools (e.g., Jenkins, GitLab, Bamboo, Octopus, Proget).
- Knowledge of SDLC best practices.
- Familiarity with cloud-native security tools and Kubernetes is a plus.
- Strong communication skills, capable of maintaining professionalism under pressure.
- Relevant certifications such as GWEB, OSCP preferred.
- BA degree in related field or equivalent experience.
All offers and/or employment contracts are contingent upon the successful completion of the Firm’s pre-employment screening process. This process may include verifying the candidate’s identity, confirming legal authorization to work in the offered position's location, and conducting a comprehensive background check, where permitted by local regulations.
About Fragomen
Fragomen is a leading firm dedicated to immigration services worldwide. The firm has over 5,500 immigration professionals and support staff in more than 60 offices across the Americas, EMEA and Asia Pacific. A member of the Am Law 100 and Am Law Global 100, Fragomen offers immigration support in more than 170 countries. Fragomen’s professionals are respected leaders in the immigration field, and the firm is regularly recognized as a leading employer of minority and female attorneys.
The firm supports all aspects of global immigration for corporate, academic, nonprofit, and individual clients, including strategic planning, quality management, reporting, case management and processing, compliance program counseling, representation in government investigations, government relations, complex matter solutions, and litigation.
Fragomen is a long-time leader in the immigration technology space and continues to lead the way in the digitization of the immigration journey. It has created Fragomen Technologies Inc., a Fragomen subsidiary focused on the nexus of law and technology to further enhance its technology offering.
These capabilities allow Fragomen to work in partnership with individuals and corporate clients across all industries to plan talent strategy, facilitate the transfer of employees worldwide, and navigate complex challenges. For detailed information about Fragomen, visit www.fragomen.com