JOBSEARCHER

Application Security Engineer

ARCHIVED

We can't find an active application page for this role right now. It may reopen or be listed elsewhere. Use Next Steps to search for an active apply link and similar live jobs.

Job Title: AppSec EngineerLocation: Rockville, MD or Tysons, VA (3 days onsite in a week) Pen testingSAST / DASTBurp suiteOWASP Top 10Can read code (java, python, etc.)AI/GenAIJD:Plan, coordinate and implement application security practices in each phase of software development life cycle though testing, remediation support, tool evaluation, etc. This role involves in evaluating security vulnerabilities, security tools, implementing security solutions, and leveraging latest solutions to secure code review capabilities.Perform security assessments and manual penetration testing using tools such as Burp Suite and other proxy tools.Triage static (SAST), dynamic (DAST), interactive (IAST) analysis results to identify, prioritize and remediate security vulnerabilities.Integrate security practices into C/CD pipeline to support DevSecOps initiative.Maintain documentation of security findings, remediation plans, and compliance requirementsDevelop and interpret security policies and procedures Participate in security compliance effortsDevelop and deliver training materials and perform general security awareness and specific security technology trainingEvaluate and recommend new and emerging security products and technologiesLeverage GenAI technologies to scale application security reviews and automate code analysisEvaluate various application security tools/capabilities i.e., SAST,DAST, IaC, Secrets detection toolsStay current with emerging security threats and countermeasures.Ability to train or explain the common security issues to raise the security awareness among developers and assurance engineers.Perform AWS configuration reviewsQualifications:5+ years of experience required in Cyber security and application securityFamiliarity with SAST, DAST, IAST tools.Understanding of AWS is requiredDeep understanding of OWASP top issues and remediation guidelines.Proficiency in one or more programming language ( Java, Python, JavaScript is preferred)Understanding of CI/CD tools such as Jenkins and GITLAB.Familiarity with GenAI tools is a plus.Strong experience and detailed technical knowledge in security engineering, system and network security, authentication and security protocols, cryptography, and application securityCandidates with software development background is a plusConsistent implementation of security solutionsExperience in infrastructure or application-level vulnerability testing and auditingCertifications like GWAPT, OSWE, Burp Suite Certified Practitioner are good to have