Govt: Application Security Engineer (SAST/DAST, OWASP, Veracode, Burp Suite, Java/PHP/C+) W2 / USC

Veracode, SQL injection, OWASP, Burp
Contract W2, Contract Independent
Depends on Experience
Work from home available; travel not required

Job Description

Application Security Engineer (SQL Injection, Veracode, OWASP Top 10, SQL/MySQL, AppScan, at least one security-related cert)

- NO C2C or third party

Hello, (No CPTs please, and we strongly encourage USC to apply.)
I would like to share the following position with you. Please review the description and submit your updated Word copy of your resume along with your expected W2 and location option. Thank you,
Location: Washington, DC - (Initial work will be tele-work due to Covid)
Duration: long term (5 plus years)
Visa: Preferences USC eligibility for Public Trust
Interview: Phone & Zoom - prefer local
Rates W2/1099: Please highlight your expectations

We need a security engineer turned security specialist who can spot anomalies in code and guide developers on improving the quality of code, not just security tool operators who find issues, which is the norm. Candidates should be able to tell whether there is a SQL injection vulnerability by looking at the code, and not just be tool operators. The customer’s objective is to train the developers to follow best practices and avoid making security errors (preventive), not just to catch security risks in code (reactive), which is why they are looking for people with a development background, especially in Java and SQL, which are heavily used at the client site.


At the SEC in Washington, DC (next to Union Station); initially tele-work due to Covid. The position is with the Security Design and Engineering branch of the agency, and it’s a very collaborative environment requiring face time with team members and customers as they develop the security process and best practices. Due to Covid, the work will initially be remote; once it is safe to be onsite, the expectation is for the work to be done onsite, daily.


Responsibilities include development and implementation of the agency’s application security tools; establishing capabilities for defining application security controls, static and dynamic code analysis, and identification and remediation of vulnerabilities in applications; performing security reviews of application designs, deployment architectures, source code, stored procedures, and server/service configurations; and developing and documenting application security standards.

 Required Skills:

  • Bachelor’s degree
  • 7+ years of IT work, of which at least 5 in cybersecurity.
  • Five (5) or more years of experience in the design and implementation of enterprise-wide security controls to secure applications, systems, network, or infrastructure services.
  • Maintain at least one current professional certification. Acceptable certifications include: ISC2 CISSP, ISC2 CSSLP or other application security-level certifications.
  • Two or more years of hands-on experience supporting SAST and DAST in an enterprise environment.
  • Must have application security tools experience: Veracode (currently used)
  • Other tools are secondary, viz.: HP Fortify, IBM AppScan, CAST AIP, WhiteHat Sentinel Source, Checkmarx.
  • Must have worked with manual proxy tools, preferably: OWASP ZAP, Burp Proxy, Paros or w3af
  • MUST HAVE past software development experience, for a couple of years at least, in order to review code and be comfortable in guiding developers towards security practices. Technologies to include one or more of the following programming languages: C, C++, C#, Java or PHP
  • Expertise in securing enterprise web applications and familiarity with OWASP Top 10, CVSS, CWE, WASC and SANS-25


Desired Skills:

  • Prior federal government experience
  • Work with on-premise as well as cloud applications and data

Posted By

JPI Recruitment

9720 Capital Ct, Ste 301 Manassas, VA, 20110

Dice Id : 90907789
Position Id : 597947
Originally Posted : 4 years ago