Application Security Engineer
Overview
Application Security Engineer
Remote (US Based)
US Citizen - Clearable (Will get a Public Trust)
Summary
Our client provides leading edge cybersecurity services that improve security, promote innovation, and transform cybersecurity for government and commercial customers.
Our client is on the front lines of the cyber landscape, specializing in unique cybersecurity solutions, infrastructure support, and end user support.
They also remain committed to their clients’ success and ensure that their initiatives are properly aligned with their core mission.
Our client works closely with their partners and clients to understand their needs and ensure their short and long term targets are met or exceeded.
Their expert team works to design and execute progressive, innovative solutions that are helping our clients modernize their infrastructure and stay ahead of the constantly evolving thread landscape.
They also believe in hiring smart people then giving them space to thrive. Staying ahead of the pack requires not just economic vigilance but ambitious business goals and a purposeful, cohesive workforce.
Our client is able to attract and retain their professionals by consistently creating an environment based on trust, fairness and opportunity.
Additionally, they believe in establishing open communication that encourages achievable performance expectations. With also incorporating collaboration within their organization, it creates a positive energy and true ownership in providing services that are essential to deliver results of the highest quality.
Responsibilities
Our client is looking for an Application Security Engineer to join their team! As a candidate, you can have experience focused more on either the security testing or the infrastructure side of application engineering.
This is an exciting opportunity to use your experience and skills to make a significant contribution to the security of our client's applications, systems, and networks.
- Design and implement security controls to protect our applications, systems, networks, and infrastructure services
- Support Veracode Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and IDE Plug-in environments
- Utilize Interactive Application Security Testing (IAST) capabilities and tools to enhance security
- Develop and secure enterprise web applications, addressing key security risks such as OWASP Top 10, CVSS, CWE, WASC, and SANS-25
- Troubleshoot and resolve basic website connectivity issues in Linux or UNIX environments
- Design and implement enterprise-wide security controls to protect applications, systems, networks, and infrastructure services
- Set up SAML authentication for our applications
- Write and manage Amazon CloudFormation Templates (CFT)
- Manage MySQL databases to ensure efficient operation and data integrity
- Troubleshoot Linux Nftables and IPTables at the command-line
Requirements
- 3+ years of experience with Java, Python, .NET, or C#
- 3+ years of experience with using the design and implementation of enterprise-wide security controls to secure applications, systems, network, or infrastructure services
- 3+ years of experience with supporting Veracode Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and IDE Plug-in environments
- Experience with Interactive Application Security Testing (IAST)capabilities and tools
- Experience with Eclipse, JDeveloper, including pipeline development, or Visual Studio
- Experience with securing enterprise web applications and OWASP Top 10, CVSS, CWE, WASC, and SANS-25
- Knowledge of web protocols and a command line tool
- Knowledge of federal compliance standards, including NIST 800-53, FIPS, or FedRAMP
- Knowledge of Linux or UNIX environments, including navigating and troubleshooting basic website connectivity issues
- 3+ years of experience with Java, Python, .NET, or C#
- 3+ years of experience using the design and implementation of enterprise-wide security controls to secure applications, systems, network, or infrastructure services
- Experience with Eclipse, Visual Studio, or JDeveloper, including pipeline development
- Experience with setting up SAML authentication
- Ability to write Amazon CloudFormation Templates (CFT)
- Ability to manage MySQL databases
- Ability to troubleshoot Linux Nftables and IPTables at the command-line
Education / Certification Requirements
None.
Clearance Requirements
Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information;
a Public Trust is required for this position once an offer is made. Onboarding can take 4-6 weeks to meet this requirement.
Other Duties Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties, or responsibilities that are required of the employee for this job.
Duties, responsibilities, and activities may change at any time with or without notice.