Sr. Application Security Engineer
Rockhammer Talent Solutions
Arlington County, VA 22203
Posted 2 months ago
Our client has an immediate need for a Senior Application Security Engineer to join the Threat Management Team.
This position is within the Information Security Department, on the Threat Management team.
The developer will be responsible for collaborating with application development teams, project managers and DevOps team members to improve the security of applications across the SDLC. The engineer will require a thorough knowledge of Agile SDLC methodologies and Secure DevOps practices. The position requires strong secure application development, testing and automation experience.
The engineer will support overall application security team responsibilities, and build integration between application security products, the CI/CD pipeline and bug tracking systems. Additional duties will include the review of DAST and SAST results with developers and providing guidance on remediation efforts. The engineer will develop and update information security policies and procedures and advise on information security practices and requirements in relation to application security.
The ideal candidate will have a strong development background and want to learn and grow in the field of cyber security.
The Senior Application Security Engineer must take ownership of projects, tasks, and issues and work them through to completion.
The candidate shall have the knowledge, qualifications, and experience relating to the following responsibilities:
Candidate Duties and Responsibilities:
The Senior Application Security Engineer shall also perform the following responsibilities as outlined below:
Assist the Threat Management team in developing, maintaining, and executing the NRECA application security program
Build and maintain integration between application security products, bug trackers and CI/CD tools
Work with application developers and DevOps groups to maintain a detailed inventory of all web applications
Coordinate and support application assessments
Develop reportable observations, findings, and recommendations to relay to application developers and IT leadership
Manage the lifecycle of vulnerabilities discovered during application security scans
Participate in Red Team activities and Internal Penetration Testing
Strong communication skills, with the ability to explain the technical details of OWASP Top 10 and other vulnerabilities to audiences ranging from C-level executives to developers in a large professional environment
Minimum Qualifications:
Four (4) year degree in Computer Science or related field, or equivalent work experience.
Four (4) years of progressively responsible information systems and application security engineering experience that demonstrates an understanding of the required knowledge, skills, and abilities
Four (4) years of Node.js experience
Five (5) years of .NET development experience
Strong familiarity with OWASP Top 10 web vulnerabilities and how to engineer software to avoid them
Knowledge of and experience working in an Agile SDLC model
Experience working with DAST and SAST products, preferably IBM AppScan and Veracode
Experience integrating DAST and SAST capabilities into a CI/CD pipeline, experience with TeamCity preferred
Experience with a scripting language (Python, Ruby, Perl, etc.)
Experience working with third party security vendors
Strong proficiency in active listening and the ability to learn quickly
Ability to communicate technical security concepts to a diverse audience (written and verbal)
Mobile Application Penetration Testing (i.e. iOS, Android, Windows, BlackBerry)
Database Experience (DBA or security penetration testing)
Web Services Security Penetration Testing Experience
Node.js, .NET, CSS, jQuery, Python, DevOps