Application Security Engineer (SQL Injection, Veracode, OWASP Top 10, SQL/MySQL, AppScan, at least one security-related cert)
- NO c2c or Third Party
Need a security engineer turned security specialist who can spot anomalies in code and guide developers on improving the quality of their code, not just a security tool operator who finds issues, which is the norm. Candidates should be able to tell whether there is a SQL injection vulnerability by looking at the code, not just by operating tools. The customer’s objective is to train the developers to follow best practices and avoid making security errors (preventive), not just to catch security risks in code (reactive). That is why they are looking for people with a development background, especially in Java and SQL, which are heavily used at the client site.
At the SEC in Washington DC (next to Union Station) – initially telework due to Covid. The position is with the Security Design and Engineering branch of the Agency, and it’s a very collaborative environment requiring face time with team members and customers as they develop the security process and best practices. Due to Covid, the work will initially be remote; once it is safe to be onsite, the expectation is for the work to be done onsite, daily.
Responsibilities include development and implementation of the agency’s application security tools; establishing capabilities for defining application security controls, static and dynamic code analysis, and identification and remediation of vulnerabilities in applications; performing security reviews of application designs, deployment architectures, source code, stored procedures, and server/service configurations; and developing and documenting application security standards.
9720 Capital Ct, Ste 301, Manassas, VA 20110