Application Security Engineer / Security Tester

BCforward
Seattle, United States of America
yesterday

Role details

Contract type
Temporary contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Intermediate
Compensation
$ 140K

Job location

Seattle, United States of America

Tech stack

Testing (Software)
User Authentication
Biometrics
Burp Suite
Static Program Analysis
Computer Security
Digital Signature
Fiddler (Software)
Identity and Access Management
Mobile Application Software
OAuth
OpenID
Open Web Application Security
Public Key Infrastructure
Systems Development Life Cycle
Security Assertion Markup Language (SAML)
Software Engineering
Enterprise Software Applications
Software Security
Information Technology
Web Technologies

Job description

  • Perform authorized security testing on complex, large-scale, and business-critical applications.
  • Embed with development teams to enable shift-left security and proactively identify vulnerabilities.
  • Act as a liaison between InfoSec and development to translate findings and drive remediation.
  • Present risks, mitigations, and residual risk to leadership and engineering stakeholders.

Requirements

We are seeking a Security Engineer/Tester to join our dynamic team. The ideal candidate will have strong experience in manual and automated application security testing, web technologies, and IAM, and a proven ability to identify and communicate vulnerabilities early in the development lifecycle.

  • 3+ years in software development or testing for large-scale enterprise applications.
  • Manual and automated testing experience focused on application security.
  • Strong knowledge of web technologies, HTTP/HTTPS, and browser behaviors.
  • Domain expertise in IAM and authentication methods including passwords, biometrics, OTP, digital certificates and PKI, device authentication, and FIDO U2F/Passkeys.
  • Hands-on with security testing tools such as Fiddler, Burp Suite, and static code analysis tools.
  • Knowledge of OWASP Top 10, SANS Top 25, CWE, and CAPEC.
  • Bachelor's degree in Computer Science or equivalent experience.
  • Ability to work independently and within a fast-paced, team-oriented environment.

Preferred Skills:

  • Experience with SSO using SAML/OpenID and OAuth.
  • Understanding of cryptographic algorithms and standards including symmetric/asymmetric techniques, digital signatures, JWS/JWE, and HSMs.
  • Awareness of cloud-related security vulnerabilities.
  • Security certifications are a plus.
  • Knowledge of threat modeling and Secure SDLC practices.
  • Mobile application security familiarity.

Work Arrangement & Notes:

  • Hybrid schedule with a minimum of 3 days onsite starting day 1.

Benefits & conditions

  • No current or future sponsorship is available.
  • Glider assessment includes ID verification.
  • Max 3 submissions per vendor; resume bucket supports 2 roles.
  • Please include candidate's current location and work intent on the resume and note if 18 months tenure is not available.
  • Do not submit candidates previously rejected or interviewed for BACJP00220355.

Why BCforward?

At BCforward, we believe in advancing lives and careers. When you join our team, you gain access to:

  • Competitive compensation and benefits.
  • Opportunities for growth with global clients.
  • A supportive, inclusive culture that values innovation and people.
  • Exposure to cutting-edge technologies and projects.

About the company

BCforward is a leading global IT consulting and workforce solutions firm providing services and support to Fortune 500 and government clients. Founded in 1998, BCforward has grown with our customers' needs into a full-service business solutions provider. With delivery centers and offices across North America and India, we take pride in building long-term relationships and delivering excellence through innovation, collaboration, and integrity.
