Application Security Engineer

Who we are:

ShorePoint is a fast-growing, industry recognized and award-winning cybersecurity services firm with a focus on high-profile, high-threat, private and public-sector customers who demand experience and proven security models to protect their data. ShorePoint subscribes to a “work hard, play hard” mentality and celebrates individual and company successes. We are passionate about our mission and going above and beyond to deliver for our customers. We are equally passionate about an environment that supports creativity, accountability, diversity, inclusion and a focus on giving back to our community.  

The Perks:

As recognized members of the Cyber Elite, we work together in partnership to defend our nation’s critical infrastructure while building meaningful and exciting career development opportunities in a culture tailored to the individuals technical and professional growth. We are committed to the belief that our team members do their best work when they are happy and well cared for. In support of this philosophy, we offer a comprehensive benefits package, including major carriers for health care providers. Highlighted benefits offered: 18 days of PTO, 11 holidays, 85% of insurance premium covered, 401k, continued education, certifications maintenance, reimbursement and more.

Who we’re looking for:

We are seeking an Application Security Engineer with expertise in Static and Dynamic Application Security Testing (SAST & DAST) methodologies and enterprise-level security controls. Your mission is to fortify our software supply chain by integrating rigorous security testing directly into the development lifecycle to preemptively neutralize vulnerabilities. The Application Security Engineer will be responsible for the end-to-end administration of Burp Suite and Veracode, managing Integrated Development Environment (IDE) plugins and ensuring all enterprise web applications align with federal compliance and OWASP standards. This is a unique opportunity to shape the growth, development and culture of an exciting and fast-growing company in the cybersecurity market.

What you’ll be doing:

• Support and operate application security testing capabilities across SAST, DAST and IDE plug-in environments, with primary focus on Burp Suite and Veracode.
• Configure, maintain and troubleshoot Burp Suite and Veracode integrations to enable consistent application security testing workflows.
• Partner with development and engineering teams to identify, validate and remediate security vulnerabilities.
• Apply vulnerability standards and scoring methodologies to findings, including OWASP Top 10, CVSS, CWE, WASC and SANS-25.
• Navigate and troubleshoot within Linux or UNIX environments, including basic website connectivity issues.
• Support the design and implementation of enterprise-wide security controls that secure applications, systems, networks or infrastructure services.
• Use IDEs and development toolchains (Eclipse, JDeveloper, Visual Studio) to support developer workflows, including pipeline development activities where applicable.
• Support compliance-aligned security activities in federal environments leveraging NIST 800-53, FIPS and/or FedRAMP standards.

What you need to know:

• Strong understanding of application security testing concepts and operational support for SAST, DAST and IDE plug-in environments.
• Hands-on capability with enterprise web application security and common vulnerability classes.
• Familiarity with vulnerability scoring, classification and prioritization frameworks (OWASP Top 10, CVSS, CWE, WASC, SANS-25).
• Working knowledge of federal compliance standards (NIST 800-53, FIPS, FedRAMP).
• Ability to work effectively in Linux or UNIX environments for navigation and basic troubleshooting.
• Ability to communicate findings clearly and work cross-functionally to support remediation.

Must have’s:

• Bachelor’s degree in an IT-related field.
• 6+ years of Information Technology experience.
• 3+ years of experience supporting SAST, DAST and IDE plug-in environments using Burp Suite, including 3+ years of hands-on Burp Suite experience.
• 1+ year of experience supporting SAST, DAST and IDE plug-in environments using Veracode.
• 3+ years of experience using the design and implementation of enterprise-wide security controls to secure applications, systems, networks or infrastructure services.
• 2+ years of experience with Java, Python, .NET or C#.
• 2+ years of experience working in Linux-based environments, including navigating and troubleshooting basic website connectivity issues.
• Proven ability to analyze complex requirements and translate them into clear, actionable tasks and processes through critical thinking.
• Experience with Eclipse, JDeveloper and/or Visual Studio, including pipeline development experience.
• Experience securing enterprise web applications, including familiarity with OWASP Top 10, CVSS, CWE, WASC and SANS-25.
• Knowledge of federal compliance standards, including NIST 800-53, FIPS and/or FedRAMP.
• Applicants must be a U.S. citizen in compliance with federal contract requirements.

Beneficial to have:

• Industry recognized certifications.
• Experience with Interactive Application Security Testing (IAST) tools and capabilities.
• Experience with HackerOne.
• Experience with Selenium.
• Experience writing bash scripts.
• Experience with OWASP ZAP or Burp Proxy.

Where it’s done:

• Remote (Herndon, VA).