Application Security Engineer

New

TOMORROW HIREInformation Technology

Fully Remote (East Coast), EST/EDTFull-TimeSenior

Salary120,000 - 140,000 USD per year

Apply NowOpens the employer's application page

Job Details

Experience: 6+ years of Information Technology experience, 3+ years of hands-on experience supporting application security testing, 2+ years of development experience, 3+ years of experience designing and implementing enterprise-wide security controls
Required Skills: PythonBashJavaSelenium

6+ years of Information Technology experience with a focus on application and security engineering
3+ years of hands-on experience supporting application security testing (SAST and DAST)
Demonstrated experience with SAST, DAST, and IDE plug-in integrations using Veracode and Burp Suite
Experience performing authenticated and unauthenticated crawl auditing and DAST scanning using Burp Suite Enterprise Edition
Experience with Interactive Application Security Testing (IAST) tools and methodologies
Proficiency using OWASP ZAP and/or Burp Proxy
Experience with vulnerability discovery and remediation programs (e.g., HackerOne)
Experience with test automation tools including Selenium
Proficiency in bash scripting for security automation and troubleshooting
2+ years of development experience in Java, Python, .NET, or C#
Experience integrating security into development workflows (Eclipse, JDeveloper, Visual Studio)
3+ years of experience designing and implementing enterprise-wide security controls
Knowledge of federal compliance frameworks: NIST 800-53, FIPS, and FedRAMP
Working knowledge of Linux/UNIX environments
High School Diploma or GED

Support Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and IDE Plug-in environments using Veracode and Burp Suite.
Design and implement enterprise-wide security controls to secure applications, systems, networks, or infrastructure services.
Secure enterprise web applications, with a focus on mitigating OWASP Top 10 risks, CVSS scoring, CWE, WASC, and SANS Top 25 vulnerabilities.
Integrate security practices into development workflows using IDEs such as Eclipse, JDeveloper (including pipeline development), or Visual Studio.
Perform application security testing and automation using tools such as OWASP ZAP, Burp Proxy, Selenium, and Interactive Application Security Testing (IAST) capabilities.
Write and maintain bash scripts to support security automation, testing, and troubleshooting tasks.
Participate in vulnerability discovery, triage, and remediation processes, including crowdsourced security programs via platforms like HackerOne.
Work in Linux or UNIX environments, including navigating file systems and troubleshooting basic website connectivity and security issues.
Ensure applications and security practices align with federal compliance standards, including NIST 800-53, FIPS, or FedRAMP.

View Full Description & ApplyYou'll be redirected to the employer's site