Application Security Engineer

About This Role

This role involves supporting Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and IDE Plug-in environments using tools like Veracode and Burp Suite. The engineer will also be responsible for applying enterprise-wide security controls to secure applications, systems, network, or infrastructure services.

Responsibilities

• Support Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and IDE Plug-in environments using Veracode and Burp Suite
• Design and implement enterprise-wide security controls to secure applications, systems, network, or infrastructure services
• Navigate and troubleshoot issues in Linux based environments
• Secure enterprise web applications using knowledge of OWASP Top 10, CVSS, CWE, WASC, and SANS-25
• Ensure compliance with federal standards including NIST 800-53, FIPS, or FedRAMP

Requirements

• 6+ years of Information Technology experience
• 3+ years of experience with supporting SAST, DAST, and IDE Plug-in environments using Veracode and Burp Suite
• 3+ years of experience using the design and implementation of enterprise-wide security controls
• 2+ years of experience with Java, Python, .NET, or C#
• 2+ years experience working in Linux based environments
• Experience with Eclipse, JDeveloper, or Visual Studio
• Experience with securing enterprise web applications and OWASP Top 10, CVSS, CWE, WASC, and SANS-25
• Knowledge of federal compliance standards, including NIST 800-53, FIPS, or FedRAMP

Qualifications

• Bachelors degree - IT related
• 6+ years of Information Technology experience

Nice to Have

• Experience with Interactive Application Security Testing (IAST) capabilities and tools
• Experience with HackerOne
• Experience with Selenium
• Experience writing bash scripts
• Experience with OWASP ZAP or Burp Proxy

Skills

* Required skills

Benefits