Application Security Engineer

The Application Security Engineer will perform activities to help proactivelysecure and remediate flaws in highly visible software applications throughoutall stages of the software development life cycle, including during design,secure coding and development, testing, and deployment stages.

Duties willinclude: engaging with application teams and other stakeholders; conductingstatic code analysis, dynamic code analysis, or penetration testing -leveragingOWASP frameworks and tools such as Burp Suite; and developing securityrequirements and modeling threats leveraging tools such as SDElements.

Basic Qualifications:

3+ years of experience with one or more of the following programminglanguages: Java, Python, .NET, or C#3+ years of experience with using the design and implementation ofenterprise-wide security controls to secure applications, systems, network, orinfrastructure services3+ years of experience with supporting Veracode Static Application SecurityTesting (SAST), Dynamic Application Security Testing (DAST), and IDE Plug-inenvironmentsExperience with Eclipse, JDeveloper, including pipeline development, orVisual StudioExperience with securing enterprise web applications and OWASP Top 10, CVSS,CWE, WASC, and SANS-25Knowledge of web protocols and a command line toolKnowledge of federal compliance standards, including NIST 800-53, FIPS, orFedRAMPKnowledge of Linux or UNIX environments, including navigating andtroubleshooting basic website connectivity issuesAbility to obtain a security clearanceBA or BS degree

Additional Qualifications:

Experience with the SecurityCompass SDElements security requirements toolExperience with Interactive Application Security Testing (IAST) capabilitiesand toolsExperience with OWASP ZAP or Burp Proxy