Web Application Security Engineer

checkmarx, fortify, source code
Full Time
Telecommuting not available; travel not required

Job Description

General Summary

Analyze application source code for vulnerabilities and research threats and attack vectors that impact web applications. Use static code analysis tools such as Checkmarx or Fortify to help application teams apply application security best practices and identify potential vulnerabilities throughout the SDLC. Work closely with team members to support the identification, interpretation, and remediation of vulnerabilities across a variety of applications, programming languages, and platforms.

Essential Duties and Responsibilities

  • Primary responsibilities include performing static code analysis using tools such as Checkmarx and HP Fortify

  • Discover application security weaknesses, write recommendations for remediation, and perform secure code reviews

  • Research threats and attack vectors that impact web applications and infrastructure and stay up-to-date with current web application security threats

  • Assess new and existing applications and system deployments for vulnerabilities and design flaws, and prioritize remediation efforts based on risk

  • Document and explain risks and vulnerabilities to technical stakeholders and leadership

  • Define, maintain, and enforce application security best practices

  • Identify additional application security-related tools, conduct tool analysis, and provide recommendations on which tools will enhance security protocols

  • Perform penetration tests and manual security assessments as needed

  • Create and deliver training to developers and other relevant team members on Secure Code Development as well as other security protocols as needed

Minimum Qualifications

  • Bachelor's Degree in Computer Science, Engineering, or other Engineering or Technical discipline or equivalent relevant experience. Master's Degree preferred.

  • 5-15 years of experience as an Application Security Developer, Application Security Analyst, or equivalent.

Knowledge, Skills, and Abilities

  • Knowledge of secure development principles in at least one environment (i.e. Java or .NET). System development experience in technologies like .NET, Java, JavaScript, Python, Ruby

  • Experience with .NET technologies is required

  • Experience with static code analysis tools is required (e.g., Checkmarx, HP Fortify)

  • Experience with application security testing techniques using additional automated and manual testing tools (e.g., IBM AppScan, Burp Suite, Kali, AppDetective)

  • Advanced knowledge of web application vulnerabilities such as cross-site scripting (XSS), session hijacking, SQL injection, CSRF (Cross-Site Request Forgery), OWASP Top 10, and other attack vectors

  • Awareness of security-related best programming practices for J2EE and .NET

  • Knowledge of the SDLC and experience working with development teams


Posted By

ASM Research

Dice Id : 10238000
Position Id : 20170105-977