Senior Application Security Engineer

Phia

πŸ“Remote - United States

Summary

Join phia as a Senior Application Security Engineer and collaborate with federal clients and application teams to maintain robust security for high-visibility applications. Plan and conduct application security assessments using SAST/DAST methodologies. Lead security discussions with development teams, perform threat modeling, and communicate with developers within the CI/CD pipeline. Execute in-depth application testing using tools like Burp Suite and leverage OWASP frameworks. Provide expert guidance on remediating security flaws and stay current with evolving security threats. This position offers remote work within the U.S. and requires U.S. citizenship and Public Trust approval.

Requirements

  • Expert-level experience using Veracode and Burp Suite
  • 6+ years of Information Technology experience
  • 3+ years of experience with supporting Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and IDE Plug-in environments
  • 2+ years of experience with Java, Python, .NET, or C#
  • 3+ years of experience with the design and implementation of enterprise-wide security controls to secure applications, systems, network, or infrastructure services
  • Experience with Eclipse, JDeveloper, including pipeline development, or Visual Studio
  • Experience with securing enterprise web applications in accordance with established frameworks and priorities (OWASP Top 10, CVSS, CWE, WASC, and SANS-25)
  • Knowledge of Federal compliance standards, including NIST 800-53, FIPS, or FedRAMP
  • Knowledge of Linux or UNIX environments, including navigating and troubleshooting basic website connectivity issues
  • HS diploma or GED
  • U.S. Citizenship required

Responsibilities

  • Collaborate with the federal client and application teams to maintain a robust security posture for high-visibility applications
  • Plan and conduct comprehensive application security assessments using dynamic and static testing methodologies (SAST/DAST)
  • Lead proactive security discussions with development teams to integrate best practices throughout the software development lifecycle
  • Perform threat modeling and security requirements analysis
  • Communicate and collaborate with developers and system owners as part of the CI/CD pipeline
  • Execute in-depth application testing using industry-standard tools such as Burp Suite
  • Implement and leverage the latest OWASP frameworks to enhance application security
  • Develop and maintain security controls to protect applications, systems, and infrastructure services
  • Provide expert guidance on remediating identified security flaws and vulnerabilities
  • Stay current with evolving security threats and compliance standards to ensure continuous improvement of security measures

Preferred Qualifications

  • Bachelor's degree in Computer Science, Information Technology, Information Security, or a related field
  • Experience with Interactive Application Security Testing (IAST) tools and methodologies
  • Experience with HackerOne
  • Experience with Selenium
  • Skill in writing bash scripts for automation
  • Hands-on experience with OWASP ZAP or Burp Proxy
  • Certifications in application security or related fields (e.g., CSSLP, OSCP, GWAPT)

Benefits

  • Comprehensive medical insurance to include dental and vision
  • Short Term & Long-Term Disability
  • 401k Retirement Savings Plan with Company Match
  • Tuition and Professional Development Assistance
  • Flex Spending Accounts (FSA)
