Application Security Engineer

Leidos

About The Position

Leidos is seeking an Application Security Engineer as part of our DevOps team in support of a large-scale, complex Software program within the Department of Justice. This role focuses on securing the application including identifying vulnerabilities in code, designing security controls, conducting code reviews and perform penetration tests, with the goal of proactively preventing security breaches by inserting security measures throughout the software development lifecycle.

Requirements

Bachelor's degree in Cybersecurity, Computer Science, or related field with 8 years of experience
5+ years of experience in application security engineering.
Expertise in security tools, security controls and frameworks, and incident response.
Strong leadership and communication skills.

Nice To Haves

Experience with compliance evidence collection and risk-based release gating.
Familiarity with container security standards and IAM governance.
Knowledge of security scanning integration and vulnerability management.

Responsibilities

Lead security integration efforts across the software development lifecycle.
Manage and maintain a library of security audit tools, and corresponding processes that can be used for system security testing, internal audits, incident response, and diagnosis of security-related system issues.
Identify vulnerabilities in code and work with developers to remediate them.
Automate security testing in CI/CD pipelines.
Conduct advanced threat modeling and oversee secure architectural choices.
Manage security incident response and remediation efforts.
Mentor developers on secure coding practices and conduct training sessions.
Track and report progress on security vulnerabilities in formal reviews.
Establish container security standards.
Collect compliance evidence in support of reviews and audits.