Listing Description
Requisition #: 392
Job Title: Senior Application Security Engineer
Location: 100 F Street, NE Washington, D.C., District of Columbia 20549
Clearance Level: Active DoD - Public Trust
Required Certification(s):
SUMMARY
Work together with the client and application community to maintain a resilient security posture for highly visible applications.
JOB DUTIES AND RESPONSIBILITIES
· Remediate application security flaws in conjunction with the application security team.
· Lead security discussions with the application teams to prescribe security best practices within their development lifecycle.
· Perform dynamic and static application performance testing, perform security requirements creation or generation-level threat modeling leveraging tools, including SD Elements, and perform application-level testing using applications such as Burp Suite.
· Work with the latest OWASP frameworks.
QUALIFICATIONS
Required Certifications
Education, Background, and Years of Experience
· HS diploma or GED
ADDITIONAL SKILLS & QUALIFICATIONS
Required Skills
· 6+ years of Information Technology experience
· 3+ years of experience with Java, Python, .NET, or C#
· 3+ years of experience with Burp Suite
· 3+ years of experience using the design and implementation of enterprise-wide security controls to secure applications, systems, network, or infrastructure services
· 3+ years of experience with supporting Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and IDE Plug-in environments using Veracode (Preferred) or similar application
· Experience with Eclipse, JDeveloper, including pipeline development, or Visual Studio
· Experience with securing enterprise web applications and OWASP Top 10, CVSS, CWE, WASC, and SANS-25
· Knowledge of federal compliance standards, including NIST 800-53, FIPS, or FedRAMP
· Knowledge of Linux or UNIX environments, including navigating and troubleshooting basic website connectivity issues
· Ability to obtain a security clearance
· HS diploma or GED
Preferred Skills
· Experience with Interactive Application Security Testing (IAST) capabilities and tools
· Experience writing bash scripts
· Experience with OWASP ZAP or Burp Proxy
WORKING CONDITIONS
Environmental Conditions
· Monday - Friday position.
Strength Demands
· Light – 20 lbs. Maximum lifting with frequent lift/carry up to 10 lbs. A job is light if less lifting is involved but significant walking/standing is done or if done mostly sitting but requires push/pull on arm or leg controls.
Physical Requirements
· Stand or Sit; Walk; Repetitive Motion; Use Hands / Fingers to Handle or Feel
Listing Details
- Citizenship: Not Provided
- Incentives: Not Provided
- Education: Not Provided
- Travel: Not Provided
- Telework: Not Provided