Must-Have:
Must have a laptop/computer with internet access to work from home.
Comfortable providing a photo ID copy
Terms of Employment
Position Type: W2 Contract, 6 months
Location: Hybrid (Based out of Reston, VA; regular remote flexibility with occasional monthly/quarterly on-site visits and mandatory on-site final interview)
Candidate must be in DMV area
Overview
Work with a leading firm in the financial and enterprise services industry dedicated to keeping critical infrastructure robust and secure. We are seeking talented Lead Application Security Professionals to join an elite Application Security team. In this role, you will act as a foundational pillar in embedding advanced security protocols directly into the software development lifecycle, driving cloud migration initiatives, and mitigating software vulnerabilities before deployment.
Key Responsibilities
Drive the application security program by successfully embedding security gates, automated testing, and compliance frameworks straight into the active SDLC and CI/CD pipelines using Jenkins.
Evaluate, manage, and remediate application and software vulnerabilities across various codebases and cloud-native application environments.
Partner directly with software development teams to discuss vulnerability findings, explain complex security risks, track SLAs, and ensure proper remediation.
Execute deep-dive technical security assessments utilizing static, dynamic, interactive, and software composition testing tools.
Take complete ownership of the application security posture, leading cross-functional forums and ensuring secure architecture across containerized systems and cloud ecosystems.
Required Qualifications
Proven professional background in software development with strong expertise in Java technologies and a comprehensive understanding of the SDLC.
Practical experience with application security metrics and deep knowledge of the OWASP Top 10 vulnerabilities.
Hands-on experience with security testing tools and techniques, including SAST, DAST, IAST, SCA, manual penetration testing, secure code review, and threat modeling.
Extensive experience with CNAPP, CSPM, KSPM, CWPP, or other cloud-native security platforms, preferably tools such as Wiz, CrowdStrike, or similar solutions.
Strong communication and relationship-building skills to successfully interact, present, and collaborate with engineering groups.
Hands-on experience securing AWS cloud environments, including container security (EKS), IAM, EC2, S3, Lambda functions, CloudTrail, Security Hub, and GuardDuty.
Must be locally available or willing to travel to the Reston, VA office for a mandatory in-person final-round interview.
Preferred Qualifications
Active professional cybersecurity or cloud certifications such as CISSP, CISM, or AWS Certified Security Specialty (highly preferred).
Recognized certifications in offensive security or penetration testing, such as Certified Ethical Hacker (CEH) (highly preferred).
Hands-on familiarity with managing and optimizing security scans within Jenkins automated build pipelines.