Application Security Position:
Location: 100 F Street, Washington, DC. ON-SITE - no remote work
Responsibilities include development and implementation of the agency's application security tools; establishing capabilities for defining application security controls, static and dynamic code analysis, and identification and remediation of vulnerabilities in SEC applications; performing security reviews of application designs, deployment architectures, source code, stored procedures, and server/service configurations; and developing and documenting application security standards.
- Bachelor's degree
- Professional Certification: Maintain at least one current professional certification. Acceptable certifications include: ISC2 CISSP, ISC2 CSSLP or other Application Security-level certifications.
- 7+ years of IT work, of which at least 5 in cybersecurity
- Five (5) or more years of experience in the design and implementation of enterprise-wide security controls to secure applications, systems, network, or infrastructure services.
- Two (2) or more years of software development experience (at any time) in one or more of the following programming languages: C, C++, C#, Java or PHP
- Two (2) or more years of hands-on experience supporting SAST and DAST in an enterprise environment. Example tools include: Veracode, IBM AppScan, Micro Focus Fortify, CAST AIP, Whitehat Sentinel Source, Synopsys Coverity, Checkmarx.
- Two (2) or more years of hands-on experience working with manual proxy tools (preferably OWASP ZAP, Burp Proxy, Paros or W3af)
- Expertise in securing enterprise web applications and familiarity with OWASP Top 10, CVSS, CWE, WASC and SANS-25
- Prior federal government experience
- Work with on-premise as well as cloud applications and data
- Team leadership
- Strong demonstrated knowledge of web protocols and an in-depth knowledge of command-line tools
- Hands-on experience with one or more components from each of the following tool groups:
  - Visual Studio or Eclipse
  - Bugzilla or Jira
  - Hudson, Jenkins or Cruise Control
- Familiarity with Federal compliance standards such as NIST 800-53, FIPS, FedRAMP.
- Demonstrated understanding of TCP/IP networking concepts and DNS, including hands-on experience in using packet analysis tools such as Wireshark or tcpdump.
If interested and you meet the minimum qualifications, please email your resume and contact information to Jennifer Severance,