Previous Job
Previous
Application Security Engineer
Ref No.: 17-01815
Location: Reston, Virginia
Position Type:Full Time
Pay Rate : $ 80,000.00 - 120,000.00 /Year
The Application Security Engineer will work with application development teams as well as 3rd party organizations to ensure that security, privacy, and compliance constraints are built into the applications. In addition to securing applications the engineer will be expected to help develop tools and scripts to enhance security processes and systems. The individual should exhibit the following: strong interpersonal skills, be highly motivated, results oriented, have excellent communication and presentation skills, and be a strong team player.

Responsibilities:
  • Perform manual and automated application vulnerability assessments and document vulnerabilities which were found and provide recommendations for remediation
  • Perform manual code reviews on systems to identify vulnerabilities as a complement to automated vulnerability assessments
  • Provide security recommendations as a subject matter expert for development teams during all phases of development
  • Develop tools and scripts to enhance and automate security systems and processes
  • Validate vulnerability resolutions and ensure they are deployed to production in a timely manner
  • Track open issues and follow up to ensure remediation
  • Participate in the change management process ensuring that all releases are reviewed by security before being approved for production
  • Provide guidance to application groups on application security best practices
  • Enhance and deliver application security training to engineers
  • Develop automated security tests that can be integrated into a product's automated test suites

QUALIFICATIONS
  • 8+ years industry experience
  • 4+ years of hands-on application security assessment experience
  • 2+ years of Application development experience
  • Experience with various programming languages (preferred C, C++, Java, Python, and JavaScript)
  • Experience developing API based applications to integrate disparate systems
  • Experience using Burp Suite to perform security assessments (with a focus on manual testing)
  • Knowledge of the OWASP Testing Framework and OWASP Top 10
  • Experience in implementing security assessments within a continuous integration pipeline highly preferred
  • Methodical and organized; able to manage multiple opportunities, projects, and partners concurrently
  • Able to multi-task and work independently with minimum supervision to meet firm deadlines
  • Performs other special projects or duties as assigned
  • Understanding of Agile methodologies (Kanban, Scrum, pair programming etc.)