Application Security Engineer
About The Position
MBL Technologies is seeking an experienced Application Security Engineer to support the security and integrity of enterprise applications within a federal environment. This role will focus on identifying, analyzing, and mitigating application security vulnerabilities through the use of industry-standard tools and best practices, with an emphasis on both Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST). The ideal candidate will have hands-on experience with Burp Suite Enterprise for DAST scanning and Veracode for SAST analysis, along with a strong understanding of secure coding practices, vulnerability management, and federal security compliance frameworks.
Requirements
- 6+ years of overall Information Technology experience.
- 3+ years of experience supporting SAST, DAST, and IDE plug-in environments using Burp Suite (with emphasis on Burp Suite Enterprise for DAST).
- Experience supporting SAST/DAST environments using Veracode.
- 3+ years of development experience with Java, Python,. NET, or C#.
- 3+ years of experience designing and implementing enterprise-wide security controls for applications and systems.
- Experience with development environments such as Eclipse, JDeveloper, or Visual Studio, including pipeline integration
- Strong understanding of application security principles and vulnerability frameworks (OWASP Top 10, CVSS, CWE, WASC, SANS-25).
- Knowledge of federal security and compliance standards (NIST 800-53, FIPS, FedRAMP).
- 3+ years of experience working in Linux-based environments, including troubleshooting application and connectivity issues.
- Ability to obtain a security clearance.
- Bachelor’s degree in Information Technology, Computer Science, or a related field.
Nice To Haves
- Experience integrating security tools into CI/CD pipelines.
- Familiarity with container security, cloud environments, or DevSecOps practices.
- Experience supporting federal agencies or government contracting environments.
- Strong scripting or automation experience (e.g., Bash, Python).
Responsibilities
- Perform DAST scanning using Burp Suite Enterprise, including configuration, execution, and analysis of scan results.
- Conduct SAST assessments using Veracode, identifying code-level vulnerabilities and recommending remediation strategies.
- Analyze and prioritize vulnerabilities based on risk, leveraging frameworks such as CVSS, CWE, OWASP Top 10, WASC, and SANS-25.
- Collaborate with development, DevOps, and security teams to integrate security into the SDLC and CI/CD pipelines.
- Provide guidance on secure coding practices and assist developers with vulnerability remediation.
- Support the implementation and maintenance of IDE security plug-ins and secure development tools.
- Troubleshoot application and connectivity issues within Linux-based environments.
- Contribute to the design and implementation of enterprise-wide application security controls.
- Ensure alignment with federal compliance standards, including NIST 800-53, FIPS, and FedRAMP.
- Stay current with emerging threats, vulnerabilities, and application security best practices.
Benefits
- medical
- dental
- vision
- STD
- Accident
- Life
- Hospital Insurance
- FSA
- HSA
- 401K match
- professional development stipend
- incentive plans with corporate and individual-based performance bonuses
- 401K
- PTO
- remote work
- health and wellness programs
- employee discounts
- learning and development reimbursement
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Senior
