Application Security Engineer / Security Tester

Job Title: Application Security Engineer / Security Tester

Location: Seattle, WA / Addison, TX

Duration: Contract - 8 months (potential contract-to-hire)

Pay Range: Seattle, WA: $67.16/hr (W2) | Addison, TX: $60.40/hr (W2)

Job ID: 399597

About BCforward

BCforward is a leading global IT consulting and workforce solutions firm providing services and support to Fortune 500 and government clients. Founded in 1998, BCforward has grown with our customers needs into a full-service business solutions provider. With delivery centers and offices across North America and India, we take pride in building long-term relationships and delivering excellence through innovation, collaboration, and integrity.

Job Description

We are seeking a Security Engineer/Tester to join our dynamic team. The ideal candidate will have strong experience in manual and automated application security testing, web technologies, and IAM and a proven ability to identify and communicate vulnerabilities early in the development lifecycle.

Responsibilities:

• Perform authorized security testing on complex, large-scale, and business-critical applications.


• Embed with development teams to enable shift-left security and proactively identify vulnerabilities.


• Act as a liaison between InfoSec and development to translate findings and drive remediation.


• Present risks, mitigations, and residual risk to leadership and engineering stakeholders.

Required Skills & Qualifications:

• 3+ years in software development or testing for large-scale enterprise applications.


• Manual and automated testing experience focused on application security.


• Strong knowledge of web technologies, HTTP/HTTPS, and browser behaviors.


• Domain expertise in IAM and authentication methods including passwords, biometrics, OTP, digital certificates and PKI, device authentication, and FIDO U2F/Passkeys.


• Hands-on with security testing tools such as Fiddler, Burp Suite, and static code analysis tools.


• Knowledge of OWASP Top 10, SANS Top 25, CWE, and CAPEC.


• Bachelor's degree in Computer Science or equivalent experience.


• Ability to work independently and within a fast-paced, team-oriented environment.

Preferred Skills:

• Experience with SSO using SAML/OpenID and OAuth.


• Understanding of cryptographic algorithms and standards including symmetric/asymmetric techniques, digital signatures, JWS/JWE, and HSMs.


• Awareness of cloud-related security vulnerabilities.


• Security certifications are a plus.


• Knowledge of threat modeling and Secure SDLC practices.


• Mobile application security familiarity.

Work Arrangement & Notes:

• Hybrid schedule with a minimum of 3 days onsite starting day 1.


• Start date targeted for August.


• No current or future sponsorship is available.


• Glider assessment includes ID verification.


• Max 3 submissions per vendor; resume bucket supports 2 roles.


• Please include candidate's current location and work intent on the resume and note if 18 months tenure is not available.


• Do not submit candidates previously rejected or interviewed for BACJP00220355.

Why BCforward?

At BCforward, we believe in advancing lives and careers. When you join our team, you gain access to:

• Competitive compensation and benefits.


• Opportunities for growth with global clients.


• A supportive, inclusive culture that values innovation and people.


• Exposure to cutting-edge technologies and projects.

About Our Commitment

BCforward is an equal opportunity employer. We value diversity and are committed to creating an inclusive environment for all employees. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, gender identity, national origin, age, disability, or veteran status.

Interested? Apply Now!

If this sounds like the right opportunity for you, please apply with your most recent resume.