Security Engineer/Tester

Job#: 3026686

Job Description:

Security Engineer/Tester

Location: Seattle, Washington (Onsite)

Employment Type: Contract

Contract Duration: 12 months

Role Overview

As a Security Engineer/Tester, you will perform authorized security testing on complex, large-scale, and critical applications. This role involves working with development teams to proactively identify security vulnerabilities early in the development cycle. You will act as a liaison between information security and development teams, helping to interpret and resolve security issues. The position requires a passion for staying current with the evolving threat landscape and new security vulnerabilities.

Key Responsibilities

• Perform authorized security testing on complex and highly critical applications.
• Work independently and within a team-oriented, fast-paced environment.
• Maintain awareness of various application security domains, including authentication, authorization, and identity management.
• Present findings to leadership, management, and development teams to communicate risk and inform mitigation strategies.
• Proactively identify security vulnerabilities such as those listed in OWASP Top 10, SANS Top 25, and CWE.
• Act as a liaison between information security teams and development teams to facilitate understanding and remediation of security issues.

Required Qualifications

Experience: 3+ years of experience in software development or testing with large-scale enterprise applications.

Technical Skills:

• Primary skills in manual and automated software testing.
• Deep understanding of web application technologies, web protocols (HTTP, HTTPS), and browser technologies.
• In-depth domain understanding of application security, including Identity and Access Management (IAM) and various authentication technologies (passwords, biometrics, OTP, digital certificates, PKI, FIDO U2F/Passkeys).
• Proven expertise with security testing tools such as proxy tools (Fiddler), black box security testing tools (Burp), and static security code analysis tools.
• Deep understanding of application security vulnerabilities (OWASP Top 10, SANS Top 25, CWE) and attack patterns (CAPEC).

Education: Bachelor's Degree in Computer Science or equivalent experience.

Preferred Qualifications

• Working experience with security technologies and standards like Single Sign-On (SSO) using SAML/OpenID and OAuth protocols.
• Good understanding of cryptographic algorithms and standards such as symmetric/asymmetric crypto techniques, digital signatures, JWS/JWE tokens, and Hardware Security Modules (HSMs).
• Understanding of security vulnerabilities related to cloud environments.
• Possession of well-known security certifications.
• Understanding of Threat Modeling concepts and Secure Development Life Cycle processes.
• Familiarity with Mobile Application Security.

We are an equal opportunity employer and welcome applications from all qualified candidates regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.

Apex uses a virtual recruiter as part of the application process. Click for more details.

If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation in using our website for a search or application, please contact our Benefits Department at or .

Apex Systems is a world-class IT services company that serves thousands of clients across the globe. When you join Apex, you become part of a team that values innovation, collaboration, and continuous learning. We offer quality career resources, training, certifications, development opportunities, and a comprehensive benefits package. Our commitment to excellence is reflected in many awards, including ClearlyRated's Best of Staffing in Talent Satisfaction in the United States and Great Place to Work in the United Kingdom and Mexico. Apex uses a virtual recruiter as part of the application process. Click for more details.

Apex Benefits Overview: Apex offers a range of supplemental benefits, including medical, dental, vision, life, disability, and other insurance plans that offer an optional layer of financial protection. We offer an ESPP (employee stock purchase program) and a 401K program which allows you to contribute typically within 30 days of starting, with a company match after 12 months of tenure. Apex also offers a HSA (Health Savings Account on the HDHP plan), a SupportLinc Employee Assistance Program (EAP) with up to 8 free counseling sessions, a corporate discount savings program and other discounts. In terms of professional development, Apex hosts an on-demand training program, provides access to certification prep and a library of technical and leadership courses/books/seminars once you have 6+ months of tenure, and certification discounts and other perks to associations that include CompTIA and IIBA. Apex has a dedicated customer service team for our Consultants that can address questions around benefits and other resources, as well as a certified Career Coach. You can access a full list of our benefits, programs, support teams and resources within our 'Welcome Packet' as well, which an Apex team member can provide.