Senior Application Security Engineer in Washington
Role details
Job location
Tech stack
Job description
· Support development teams with secure code (DAST, SAST, Dependency, Secret Detection, Container scans, etc.) reviews and other assessments to identify security weaknesses and vulnerabilities
· Establish and maintain secure coding standards and best practices to provide guidance and training to development teams on security best practices
· Recommend cyber defense and vulnerability assessment tools
· Review and research monthly continuous monitoring controls documentation tasks that is required by OIS
· Continuous Process Improvement, actively contribute to the development of standardized operating procedures (SOPs) for API security testing
· Collaborate closely with cross-functional teams, including system administrators and Information System Security Officers (ISSOs)
Security Clearance Requirement:
· Active Public Trust and eligible to obtain a Secret clearance
Requirements
- Strong written and verbal communication skills
· Must have GitLab CI/CD pipeline experience
· Assist in the development and implementation of the DevSecOps strategy to include the definition and goals of the over-arching framework and methodologies
· Assist customers with implementing a secure CI/CD pipeline utilizing DevSecOps principles and practices to increase automation and reduce human involvement in the process
· Reviewing source code for potential security vulnerabilities
· Strong analytical skills to assess risks and vulnerabilities in complex systems
· Writing security test cases to check for vulnerabilities or broken/missing security controls.
· Implement automated security controls as part of CI/CD pipelines, * At least Ten (10) years of experience working in cybersecurity or information technology with a bachelor's degree. Minimum of 5 years' experience in vulnerability management, application and software security team, Malware analysis, digital forensics, data/network analysis, penetration testing, information assurance, leading incident handling
- Solid experience in application security and software development in one or more programming such as C#, Java, Python, etc
- Experience with security tools such as SAST, DAST, IAST, SCA and other security tools
· Familiarity with industry-standard security frameworks such as OWASP, NIST, BSIMM etc
· Experience with CICD pipeline, security tools integration and secure SDLC
- Knowledge of current and emerging threats and techniques for exploiting security vulnerabilities
- CISSP, OSCP, any DevSecOps or other related Information Security certification
- Experience with cloud-based infrastructure (AWS, Azure, or GCP)
