Application Security Engineer

Job Title: Sr. Application Security Engineer

Location: Reston, VA (100% Remote Work)

Duration: 6 months Contract (possibility to extended)

The ideal candidate will have a strong application security and development background.

Responsibilities:

• Serve as a subject matter expert for security in application projects.
• Perform functional requirements reviews, design reviews, conduct threat modeling, and ensure security best practices are followed during the SDLC.
• Triage and validate SAST, SCA, and DAST scan results prior to sharing with the development teams.
• Conduct vulnerability reviews with development teams.
• Develop and maintain integration between application security products, e.g. VMDB and CI/CD tools.
• Develop reportable observations, findings and recommendations to relay to application developers and IT leadership and validate remediations are complete.
• Participate in Internal Penetration Testing of web applications.
• Strong communication skills, with the ability to explain security concepts to both management and developers in a large enterprise environment.

What you ll Bring:

• Ten(10) years of application security experience.
• Ten (10) years of software development experience and/or full-stack engineering.
• Proficiencies with popular programming frameworks Angular, Node, .NET
• Strong familiarity with OWASP Top 10 vulnerabilities and how to engineer software to avoid them
• Knowledge of and experience working in an Agile SDLC model
• Experience working with SAST and SCA products, preferably Checkmarx and GitHub Advance Security
• Experience with infrastructure as code (IaC) deployment
• Experience working with DAST tools such as Burp, Zap, etc.
• Experience with scripting languages (PowerShell, Python, Ruby, Perl, etc.)
• An advanced understanding of varying application development architectures, platforms and methodologies.
• Demonstrated ability to develop strategies and lead large and complex endeavors.
• Ability to stay current with evolving technologies and effectively educate leadership on trends and opportunities
• Strong proficiency in active listening and the ability to learn quickly
• Ability to communicate technical security concepts to a diverse audience (written and verbal)
• A passion for innovation and the challenges of creating something new.

We d Love to See

• Robust expertise and experience with deploying and security IaC in AWS and Azure.
• One or more of the following certifications: GPEN, GWAPT, OSCP, eCPPT, Amazon AWS or Azure Specialty certifications.
• Experience with security tooling such as Checkmarx, Burp Pro/Enterprise, ZAP, GitHub Advanced Security, Artifactory Xray