Remote Application Security Engineer

Summary

Join phia as an Application Security Engineer to work with the Federal client on maintaining a resilient security posture for high-visibility applications. This role allows remote work from anywhere within the United States, requires U.S. citizenship, and Public Trust clearance. If you enjoy complex problem-solving and innovative solutions, this position may be a good fit.

Requirements

• 6+ years of Information Technology experience
• 3+ years of experience with Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and IDE Plug-in environments, particularly using Veracode
• 2+ years of hands-on experience with Java, Python, .NET, or C#
• 3+ years of proficiency with Burp Suite for application security testing
• 3+ years of experience designing and implementing enterprise-wide security controls
• Expertise in securing enterprise web applications and thorough knowledge of OWASP Top 10, CVSS, CWE, WASC, and SANS-25
• Familiarity with federal compliance standards, including NIST 800-53, FIPS, and FedRAMP
• Proficiency in Linux or UNIX environments, including troubleshooting website connectivity issues
• Experience with development environments such as Eclipse, JDeveloper, or Visual Studio
• Strong understanding of CI/CD pipeline security integration
• U.S. citizenship and ability to obtain a Public Trust clearance

Responsibilities

• Collaborate with the federal client and application teams to maintain a robust security posture for high-visibility applications
• Lead proactive security discussions with development teams to integrate best practices throughout the software development lifecycle
• Conduct comprehensive application security assessments using dynamic and static testing methodologies
• Perform threat modeling and security requirements analysis using tools like SD Elements
• Execute in-depth application penetration testing using industry-standard tools such as Burp Suite
• Implement and leverage the latest OWASP frameworks to enhance application security
• Develop and maintain security controls to protect applications, systems, and infrastructure services
• Provide expert guidance on remediating identified security flaws and vulnerabilities
• Stay current with evolving security threats and compliance standards to ensure continuous improvement of security measures

Preferred Qualifications

• Bachelor's degree in Computer Science, Information Technology, Information Security, or a related field
• Experience with Interactive Application Security Testing (IAST) tools and methodologies
• Proficiency with Selenium for automated testing
• Skill in writing bash scripts for security automation
• Hands-on experience with OWASP ZAP or Burp Proxy
• Certifications in application security or related fields (e.g., CSSLP, OSCP, GWAPT)

Benefits

• Comprehensive medical insurance to include dental and vision
• Short Term & Long-Term Disability
• 401k Retirement Savings Plan with Company Match
• Tuition and Professional Development Assistance
• Flex Spending Accounts (FSA)