Application Security Engineer
Role details
Job location
Tech stack
Job description
- Integrate security throughout the software development lifecycle (SDLC) to support secure application development
- Perform application security assessments, code analysis, and vulnerability identification for enterprise applications
- Conduct Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), and other security testing activities
- Partner with software developers and DevSecOps teams to remediate application vulnerabilities and strengthen application security
- Support secure software design reviews, architecture assessments, and threat modeling activities
- Develop secure coding guidance and security best practices for development teams
- Support implementation of DevSecOps security controls and automated security testing within CI/CD pipelines
- Analyze security findings and recommend mitigation strategies to reduce application risk
- Support Risk Management Framework (RMF) activities and ensure application compliance with DoD cybersecurity requirements
- Develop security documentation, assessment reports, and technical recommendations
- Collaborate with cybersecurity engineers, architects, and program stakeholders to strengthen enterprise application security
Requirements
Education & Certification Requirements: Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Software Engineering, or a related field (or equivalent experience). Relevant DoD 8140 certifications and industry certifications are preferred and may be required based on program requirements.
Clearance Requirements: Active DoD Secret clearance required. Some positions may require Top Secret/SCI clearance. U.S. Citizenship required.
Location: Seaside, CA or Alexandria, VA (Mark Center). Flexible for occasional telework; candidates must reside locally.
Estimated Salary Range: $ - $ annually, depending on experience, certifications, clearance level, and geographic location., * Experience supporting application security, secure software development, or DevSecOps initiatives
- Knowledge of secure software development lifecycle (SSDLC) principles and secure coding practices
- Experience performing application security testing, vulnerability analysis, and remediation
- Experience with SAST, DAST, SCA, or similar application security testing methodologies
- Experience supporting CI/CD pipelines and automated security testing
- Knowledge of common application security risks, including the OWASP Top 10
- Familiarity with secure software architecture, threat modeling, and code review practices
- Experience supporting Department of Defense or Federal cybersecurity environments
- Strong analytical, troubleshooting, and problem-solving skills
- Excellent written and verbal communication skills
Desired Skills:
- Top Secret/SCI clearance
- Security+, CISSP, CSSLP, GIAC, CEH, or other DoD 8140-compliant certifications
- Experience supporting DevSecOps environments and cloud-native application security
- Experience with GitLab, Jenkins, Azure DevOps, GitHub, SonarQube, Checkmarx, Fortify, Veracode, or similar security tools
- Experience supporting container security, Kubernetes, Docker, or Infrastructure as Code (IaC) security
- Knowledge of NIST RMF, NIST 800-53, Zero Trust Architecture, and DoD cybersecurity requirements
- Experience supporting enterprise Department of Defense application environments
Benefits & conditions
Benefits Overview: Razor offers a comprehensive benefits package which may include medical, dental, and vision insurance, paid time off, holidays, 401(k) with company match, professional development opportunities, and other competitive benefits designed to support the health and well-being of our employees.