- Support Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and IDE Plug-in environments using Veracode and Burp Suite.
- Design and implement enterprise-wide security controls to secure applications, systems, networks, or infrastructure services.
- Secure enterprise web applications, with a focus on mitigating OWASP Top 10 risks, CVSS scoring, CWE, WASC, and SANS Top 25 vulnerabilities.
- Integrate security practices into development workflows using IDEs such as Eclipse, JDeveloper (including pipeline development), or Visual Studio.
- Perform application security testing and automation using tools such as OWASP ZAP, Burp Proxy, Selenium, and Interactive Application Security Testing (IAST) capabilities.
- Write and maintain Bash scripts to support security automation, testing, and troubleshooting tasks.
- Participate in vulnerability discovery, triage, and remediation processes, including crowdsourced security programs via platforms like HackerOne.
- Work in Linux or UNIX environments, including navigating file systems and troubleshooting basic website connectivity and security issues.
- Ensure applications and security practices align with federal compliance standards, including NIST 800-53, FIPS, or FedRAMP.
Python, Bash, Java, +1 more