Application Security Analyst

Application Security, Dynamic Application Security Testing, Static Application Security Testing, OWASP, Burp Suite, Zap, Veracode, Appscan, Fortify
Full Time
Depends on Experience
Travel not required

Job Description

Application Security Position:

Location: 100 F Street, Washington, DC. ON-SITE - no remote work


Responsibilities include development and implementation of the agency's application security tools; establishing capabilities for defining application security controls; static and dynamic code analysis; identification and remediation of vulnerabilities in SEC applications; performing security reviews of application designs, deployment architectures, source code, stored procedures, and server/service configurations; and developing and documenting application security standards.

Required Skills:

  • Bachelor's degree
  • Professional Certification: Maintain at least one current professional certification. Acceptable certifications include: ISC2 CISSP, ISC2 CSSLP or other Application Security-level certifications.
  • 7+ years of IT work experience, of which at least 5 years are in cybersecurity
  • Five (5) or more years of experience in the design and implementation of enterprise-wide security controls to secure applications, systems, network, or infrastructure services.
  • Two (2) or more years of software development experience, at any time, in one or more of the following programming languages: C, C++, C#, Java or PHP
  • Two (2) or more years of hands-on experience supporting SAST and DAST in an enterprise environment. Example tools include: Veracode, IBM AppScan, Micro Focus Fortify, CAST AIP, Whitehat Sentinel Source, Synopsys Coverity, Checkmarx.
  • Two (2) or more years of hands-on experience working with manual proxy tools (preferably OWASP ZAP, Burp Proxy, Paros or W3af)
  • Expertise in securing enterprise web applications and familiarity with OWASP Top 10, CVSS, CWE, WASC and SANS-25

Desired Skills:

  • Prior federal government experience
  • Work with on-premises as well as cloud applications and data
  • Team leadership
  • Strong demonstrated knowledge of web protocols and an in-depth knowledge of command-line tools
  • Hands-on experience with one or more components from each of the following tools:
      • Visual Studio or Eclipse
      • Bugzilla or Jira
      • Hudson, Jenkins or Cruise Control
  • Familiarity with Federal compliance standards such as NIST 800-53, FIPS, FedRAMP.
  • Demonstrated understanding of TCP/IP networking concepts and DNS, including hands-on experience in using packet analysis tools such as Wireshark or tcpdump.

If interested and you meet the minimum qualifications, please email your resume and contact information to Jennifer Severance,



Dice Id : 10119700
Position Id : 6049194
Originally Posted : 1 year ago