Application Security Engineer

  • Posted 13 hours ago | Updated 13 hours ago

Overview

Remote
80 - 85
Contract - W2
Contract - 4 Month(s)
10% Travel
Unable to Provide Sponsorship

Skills

Application Security
SAST
DAST
Burp Suite
OWASP ZAP
Checkmarx
Veracode
Python
Bash
PowerShell

Job Details

Description:

Business Initiative/Purpose: 

Intake management, onboarding support, coordination and consulting with development teams, maintaining scanning schedules, and monitoring scan failures.

Bachelor's Degree:

·       Preferred.

Role Responsibilities:

·       Deploy and configure container scanning tools to ensure secure containerized environments.

·       Analyze vulnerabilities identified through SAST, DAST, SCA, and container scans, prioritizing remediation based on risk.

·       Develop and maintain custom scripts to automate security processes and enhance scanning capabilities.

·       Consult with development teams to provide secure coding guidance and assist with remediation strategies.

·       Onboard applications into DAST scanning workflows, ensuring proper configuration and coverage.

·       Configure and troubleshoot DAST scans, resolving issues related to application accessibility and scan accuracy.

·       Review and validate SAST and SCA findings, confirming or rejecting false positives and “mitigated by design” claims from development teams.

·       Document findings, create actionable reports, and communicate technical details effectively to stakeholders.

Must Have Skills/Prior Experiences: 

·       Strong experience with application security tools: DAST (e.g., Burp Suite, OWASP ZAP), SAST (e.g., Checkmarx, Veracode), and SCA (e.g., Black Duck, Snyk).

·       Hands-on experience with container security and deployment of scanning tools (e.g., Wiz, Prisma, Aqua Security).

·       Proficiency in scripting languages (Python, Bash, or PowerShell) for automation and tool integration.

·       Deep understanding of the secure software development lifecycle (SDLC) and common vulnerabilities (OWASP Top 10).

·       Ability to troubleshoot complex scanning issues and optimize configurations for accuracy and performance.

·       Strong analytical skills for vulnerability triage and risk prioritization.

·       Excellent communication skills for consulting with development teams and explaining technical findings.

Nice to Have Skills/Prior Experiences:

·       Experience integrating security tools into CI/CD pipelines.

·       Familiarity with cloud-native security (AWS, Azure, Google Cloud Platform) and container orchestration (Kubernetes).

·       Knowledge of API security testing and microservices architecture.

·       Exposure to DevSecOps practices and security automation frameworks.

·       Relevant certifications such as OSWE, GWAPT, or CSSLP.

EEO: Mindlance is an Equal Opportunity Employer and does not discriminate in employment on the basis of Minority/Gender/Disability/Religion/LGBTQI/Age/Veterans.
