Application Security Engineer

About The Position

Requirements

• Strong understanding of application security testing concepts and operational support for SAST, DAST and IDE plug-in environments.
• Hands-on capability with enterprise web application security and common vulnerability classes.
• Familiarity with vulnerability scoring, classification and prioritization frameworks (OWASP Top 10, CVSS, CWE, WASC, SANS-25).
• Working knowledge of federal compliance standards (NIST 800-53, FIPS, FedRAMP).
• Ability to work effectively in Linux or UNIX environments for navigation and basic troubleshooting.
• Ability to communicate findings clearly and work cross-functionally to support remediation.
• Bachelor’s degree in an IT-related field.
• 6+ years of Information Technology experience.
• 3+ years of experience supporting SAST, DAST and IDE plug-in environments using Burp Suite, including 3+ years of hands-on Burp Suite experience.
• 1+ year of experience supporting SAST, DAST and IDE plug-in environments using Veracode.
• 3+ years of experience using the design and implementation of enterprise-wide security controls to secure applications, systems, networks or infrastructure services.
• 2+ years of experience with Java, Python, .NET or C#.
• 2+ years of experience working in Linux-based environments, including navigating and troubleshooting basic website connectivity issues.
• Proven ability to analyze complex requirements and translate them into clear, actionable tasks and processes through critical thinking.
• Experience with Eclipse, JDeveloper and/or Visual Studio, including pipeline development experience.
• Experience securing enterprise web applications, including familiarity with OWASP Top 10, CVSS, CWE, WASC and SANS-25.
• Knowledge of federal compliance standards, including NIST 800-53, FIPS and/or FedRAMP.
• Applicants must be a U.S. citizen in compliance with federal contract requirements.

Nice To Haves

• Industry recognized certifications.
• Experience with Interactive Application Security Testing (IAST) tools and capabilities.
• Experience with HackerOne.
• Experience with Selenium.
• Experience writing bash scripts.
• Experience with OWASP ZAP or Burp Proxy.

Responsibilities

• Support and operate application security testing capabilities across SAST, DAST and IDE plug-in environments, with primary focus on Burp Suite and Veracode.
• Configure, maintain and troubleshoot Burp Suite and Veracode integrations to enable consistent application security testing workflows.
• Partner with development and engineering teams to identify, validate and remediate security vulnerabilities.
• Apply vulnerability standards and scoring methodologies to findings, including OWASP Top 10, CVSS, CWE, WASC and SANS-25.
• Navigate and troubleshoot within Linux or UNIX environments, including basic website connectivity issues.
• Support the design and implementation of enterprise-wide security controls that secure applications, systems, networks or infrastructure services.
• Use IDEs and development toolchains (Eclipse, JDeveloper, Visual Studio) to support developer workflows, including pipeline development activities where applicable.
• Support compliance-aligned security activities in federal environments leveraging NIST 800-53, FIPS and/or FedRAMP standards.

Benefits

• 18 days of PTO
• 11 holidays
• 85% of insurance premium covered
• 401k
• continued education
• certifications maintenance
• reimbursement and more