Application Security Engineer

About The Position

Requirements

• 6+ years of experience with Information Technology
• 3+ years of experience with Java, Python, .NET, or C#
• 3+ years of experience with Burp Suite supporting Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and IDE Plug-in environments
• 3+ years of experience using the design and implementation of enterprise-wide security controls to secure applications, systems, networks, or infrastructure services
• Experience with Veracode and Eclipse, JDeveloper, including pipeline development, or Visual Studio
• Experience with securing enterprise web applications and OWASP Top 10, CVSS, CWE, WASC, and SANS-25
• Knowledge of federal compliance standards, including NIST 800-53, FIPS, or FedRAMP
• Knowledge of Linux or UNIX environments, including navigating and troubleshooting basic website connectivity issues
• Ability to obtain and maintain a Public Trust or Suitability/Fitness determination based on client requirements
• HS diploma or GED

Nice To Haves

• Experience with the Security Compass SD Elements security requirements tool
• Experience with Interactive Application Security Testing (IAST) capabilities and tools
• Experience with OWASP ZAP or Burp Proxy

Responsibilities

• Remediate application security flaws in conjunction with the application security team.
• Lead security discussions with the application teams to prescribe security best practices within their development lifecycle.
• Perform dynamic and static application performance testing.
• Perform security requirements creation or generation-level threat modeling leveraging tools, including SD Elements.
• Perform application-level testing using applications, such as Burp Suite.
• Work with the latest OWASP frameworks.

Benefits

• health, life, disability, financial, and retirement benefits
• paid leave
• professional development
• tuition assistance
• work-life programs
• dependent care
• recognition awards program