Application Security Engineer

Summary

Join phia as an Application Security Engineer and collaborate with a Federal client to maintain a robust security posture. This remote position, open to US citizens only, offers the flexibility to work from home anywhere in the US. You will remediate application security flaws, lead security discussions, and perform application performance testing. The role requires a Bachelor's degree or equivalent experience, along with several years of experience in application security and specific technologies. phia values work-life balance and offers comprehensive benefits, including medical, dental, vision, disability, 401k, tuition assistance, and flexible spending accounts.

Requirements

• Bachelor's degree in Computer Science, Information Technology, Information Security, or a related field. Additional years of experience may be substituted for a degree
• 3+ years of experience with Java, Python, .NET, or C#
• 3+ years of experience using the design and implementation of enterprise-wide security controls to secure applications, systems, network, or infrastructure services
• Experience with Eclipse, Visual Studio, or JDeveloper, including pipeline development
• Experience with setting up SAML authentication
• Ability to write Amazon CloudFormation Templates (CFT)
• Ability to manage MySQL databases
• Ability to troubleshoot Linux Nftables and IPTables at the command line
• U.S. Citizenship required

Responsibilities

• Remediate application security flaws in conjunction with the application security team
• Lead security discussions with the application teams to prescribe security best practices within their development lifecycle
• Perform dynamic and static application performance testing, perform security requirements creation or generation level threat modeling leveraging tools, including SD elements, and perform application level testing using applications such as Burp Suite. Work with the latest OWASP frameworks

Preferred Qualifications

• Experience with one or more of the following technologies: Networking, including CISCO, Juniper, or Palo Alto, operating systems, including Windows Server, Redhat, or Linux, cloud services, including AWS, Azure, Salesforce, Okta, O365, or ServiceNow, or Mobile Technologies, including iOS or Xen Mobile
• Experience with designing, building, and implementing automation tools, including Ansible, Chef, or Puppet
• Experience with Infrastructure as Code tools, including Cloud Formations or Terraform
• Experience with container platforms, including OpenShift
• Experience with chaos engineering and blue or green deployments
• Experience with Serverless, including Lambda, API Gateway, Step Functions, and SAM
• Experience with application performance analysis and monitoring, including ELK
• Experience with an Agile release methodology
• Experience with securing cloud-based systems
• Knowledge of NIST 800 Series Instruction/CNSS Directives/Information Assurance regulations
• Knowledge of SDN/SDP and hybrid architectures
• Ability to describe the differences between, and develop, various TIC 3.0 documentation
• Ability to communicate complex and technical concepts clearly
• Ability to compellingly justify security architecture decisions and direction to align others to a common vision
• Secuirity+
• AWS Certified Solutions Architect or Developer Certification
• Cisco Certified Network Associate (CCNA)
• Microsoft Certified Solutions Expert (MCSE)
• Red Hat Certified System Administrator (RHCSA)
• EC-Council Certified Security Specialist (ECSS)

Benefits

• Comprehensive medical insurance to include dental and vision
• Short Term & Long-Term Disability
• 401k Retirement Savings Plan with Company Match
• Tuition and Professional Development Assistance
• Flex Spending Accounts (FSA)