Application Security Engineer || Rockville, MD Hybrid:: W2

Title: Application Security Engineer

Location: Rockville, MD Hybrid

Duration: 12 months

Job Responsibilities:

• Perform security assessments and manual penetration testing using tools such as Burp Suite and other proxy tools.
• Triage static (SAST), dynamic (DAST), interactive (IAST) analysis results to identify, prioritize and remediate security vulnerabilities.
• Integrate security practices into C/CD pipeline to support DevSecOps initiative.
• Maintain documentation of security findings, remediation plans, and compliance requirements
• Develop and interpret security policies and procedures Participate in security compliance efforts
• Develop and deliver training materials and perform general security awareness and specific security technology training
• Evaluate and recommend new and emerging security products and technologies
• Leverage GenAI technologies to scale application security reviews and automate code analysis
• Evaluate various application security tools/capabilities i.e., SAST,DAST, IaC, Secrets detection tools]
• Stay current with emerging security threats and countermeasures.
• Ability to train or explain the common security issues to raise the security awareness among developers and assurance engineers.
• Perform AWS configuration reviews

Qualifications:

• Bachelor's degree in a technical field such as computer science, computer engineering or related field required
• 5+ years of experience required in Cyber security and application security
• Familiarity with SAST, DAST, IAST tools.
• Understanding of AWS is required
• Deep understanding of OWASP top issues and remediation guidelines.
• Proficiency in one or more programming language ( Java, Python, JavaScript is preferred)
• Understanding of CI/CD tools such as Jenkins and GITLAB.
• Familiarity with GenAI tools is a plus.
• Strong experience and detailed technical knowledge in security engineering, system and network security, authentication and security protocols, cryptography, and application security
• Candidates with software development background is a plus
• Consistent implementation of security solutions
• Experience in infrastructure or application-level vulnerability testing and auditing
• Certifications like GWAPT, OSWE, Burp Suite Certified Practitioner are good to have