Application Security Engineer

Peraton•Herndon, VA

23h•$104,000 - $166,000

About The Position

We are seeking a highly skilled and innovative Application Security Engineer to join our team in the greater DMV area, supporting the Army National Guard. Key Responsibilities Define application security strategy, standards, and SDLC integration points; champion secure-by-design practices across engineering and DevSecOps teams. Lead threat modeling and secure architecture reviews for applications, APIs, and microservices. Design, implement, and manage automated security toolchain: SAST, DAST, SCA, IAST, secrets management, and pipeline gating. Triage, validate, prioritize, and manage remediation of application vulnerabilities; coordinate remediation with developers, platform, and cloud teams. Conduct exploit validation, root-cause analysis, and coordinate incident response for application security events. Establish governance for vulnerability lifecycle, release security validation, and compliance reporting. Develop security requirements, secure coding guidance, checklists, and developer training materials; deliver briefings to technical and executive audiences. Evaluate emerging application threats and tools; recommend and pilot defensive technologies and processes. Produce decision‑grade artifacts: architecture review reports, risk assessments, security test plans, and metrics dashboards. #ENOCS

Requirements

Minimum of 12 years with BS/BA; Minimum of 10 years with MS/MA; Minimum of 7 years with Ph.D.
Clearance: TS/SCI (active)
Candidate must meet ONE of the following: Master’s or Ph.D. in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, or Software Engineering; OR Relevant DoD/Military training documented for application security or enterprise cybersecurity roles; OR Relevant professional certifications or demonstrated equivalent experience (examples: CISSP‑ISSEP, CSSLP, GWAPT, GIAC application security certs).
Minimum 7 years application security/devsecops experience with at least 5 years in senior roles supporting enterprise or mission-critical systems.
Demonstrated experience with SAST/DAST/SCA/IAST tooling, CI/CD integration, threat modeling, secure architecture reviews, vulnerability lifecycle management, scripting/programming (Python, Java, C#, JavaScript), and cloud-native platforms (AWS/Azure/GCP).
Knowledge: OWASP Top 10, NIST SP 800 series, RMF/DoD policy, and secure coding best practices.

Nice To Haves

Certifications: CISSP‑ISSEP preferred; CSSLP, GWAPT, GWEP, or other GIAC application security certifications desirable.
Experience with container security, API security, secrets management, and pipeline gating in automated CI/CD environments.

Responsibilities

Define application security strategy, standards, and SDLC integration points; champion secure-by-design practices across engineering and DevSecOps teams.
Lead threat modeling and secure architecture reviews for applications, APIs, and microservices.
Design, implement, and manage automated security toolchain: SAST, DAST, SCA, IAST, secrets management, and pipeline gating.
Triage, validate, prioritize, and manage remediation of application vulnerabilities; coordinate remediation with developers, platform, and cloud teams.
Conduct exploit validation, root-cause analysis, and coordinate incident response for application security events.
Establish governance for vulnerability lifecycle, release security validation, and compliance reporting.
Develop security requirements, secure coding guidance, checklists, and developer training materials; deliver briefings to technical and executive audiences.
Evaluate emerging application threats and tools; recommend and pilot defensive technologies and processes.
Produce decision‑grade artifacts: architecture review reports, risk assessments, security test plans, and metrics dashboards.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume