Application Security Engineer

RAZOR, INC.
Alexandria, United States of America
5 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Shift work
Languages
English
Compensation
$ 26K

Job location

Remote
Alexandria, United States of America

Tech stack

Kubernetes Security
Azure
Cloud Engineering
Static Program Analysis
Code Review
Computer Security
Github
Open Web Application Security
Systems Development Life Cycle
Fortify (Software)
Zero Trust Network Access
Secure Coding
Security Software
Software Engineering
SonarQube
Enterprise Software Applications
Software Security
Veracode
Gitlab
Kubernetes
Information Technology
Checkmarx
Devsecops
Docker
Jenkins
Static Application Security Testing
Vulnerability Analysis
Dynamic Application Security Testing

Job description

  • Integrate security throughout the software development lifecycle (SDLC) to support secure application development
  • Perform application security assessments, code analysis, and vulnerability identification for enterprise applications
  • Conduct Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), and other security testing activities
  • Partner with software developers and DevSecOps teams to remediate application vulnerabilities and strengthen application security
  • Support secure software design reviews, architecture assessments, and threat modeling activities
  • Develop secure coding guidance and security best practices for development teams
  • Support implementation of DevSecOps security controls and automated security testing within CI/CD pipelines
  • Analyze security findings and recommend mitigation strategies to reduce application risk
  • Support Risk Management Framework (RMF) activities and ensure application compliance with DoD cybersecurity requirements
  • Develop security documentation, assessment reports, and technical recommendations
  • Collaborate with cybersecurity engineers, architects, and program stakeholders to strengthen enterprise application security

Requirements

Education & Certification Requirements: Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Software Engineering, or a related field (or equivalent experience). Relevant DoD 8140 certifications and industry certifications are preferred and may be required based on program requirements.

Clearance Requirements: Active DoD Secret clearance required. Some positions may require Top Secret/SCI clearance. U.S. Citizenship required.

Location: Seaside, CA or Alexandria, VA (Mark Center). Flexible for occasional telework; candidates must reside locally.

Estimated Salary Range: $ - $ annually, depending on experience, certifications, clearance level, and geographic location., * Experience supporting application security, secure software development, or DevSecOps initiatives

  • Knowledge of secure software development lifecycle (SSDLC) principles and secure coding practices
  • Experience performing application security testing, vulnerability analysis, and remediation
  • Experience with SAST, DAST, SCA, or similar application security testing methodologies
  • Experience supporting CI/CD pipelines and automated security testing
  • Knowledge of common application security risks, including the OWASP Top 10
  • Familiarity with secure software architecture, threat modeling, and code review practices
  • Experience supporting Department of Defense or Federal cybersecurity environments
  • Strong analytical, troubleshooting, and problem-solving skills
  • Excellent written and verbal communication skills

Desired Skills:

  • Top Secret/SCI clearance
  • Security+, CISSP, CSSLP, GIAC, CEH, or other DoD 8140-compliant certifications
  • Experience supporting DevSecOps environments and cloud-native application security
  • Experience with GitLab, Jenkins, Azure DevOps, GitHub, SonarQube, Checkmarx, Fortify, Veracode, or similar security tools
  • Experience supporting container security, Kubernetes, Docker, or Infrastructure as Code (IaC) security
  • Knowledge of NIST RMF, NIST 800-53, Zero Trust Architecture, and DoD cybersecurity requirements
  • Experience supporting enterprise Department of Defense application environments

Benefits & conditions

Benefits Overview: Razor offers a comprehensive benefits package which may include medical, dental, and vision insurance, paid time off, holidays, 401(k) with company match, professional development opportunities, and other competitive benefits designed to support the health and well-being of our employees.

Apply for this position