Senior Application Security Engineer

Summary

Join Agile Defense as a Senior Application Security Engineer and contribute to maintaining a resilient security posture for high-profile applications. Collaborate with clients and application teams to remediate security flaws and implement best practices. Conduct dynamic and static application security testing, threat modeling, and application-level testing using tools like Veracode and Burp Suite. Work with OWASP frameworks and ensure compliance with federal standards. This remote position requires 6+ years of IT experience, 3+ years with SAST/DAST/Veracode, and experience with Java, Python, .NET, or C#. A HS diploma or GED is required. Agile Defense offers a competitive benefits package; details can be found on their website.

Requirements

• HS diploma or GED
• MUST have Veracode Experience
• 6+ years of Information Technology experience
• 3+ years of experience with supporting Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and IDE Plug-in environments using Veracode
• 2+ years of experience with Java, Python, .NET, or C#
• 3+ years of experience with Burp Suite
• 3+ years of experience using the design and implementation of enterprise-wide security controls to secure applications, systems, network, or infrastructure services
• Experience with Eclipse, JDeveloper, including pipeline development, or Visual Studio
• Experience with securing enterprise web applications and OWASP Top 10, CVSS, CWE, WASC, and SANS-25
• Knowledge of federal compliance standards, including NIST 800-53, FIPS, or FedRAMP
• Knowledge of Linux or UNIX environments, including navigating and troubleshooting basic website connectivity issues
• Ability to obtain a security clearance
• HS diploma or GED

Responsibilities

• Remediate application security flaws in conjunction with the application security team
• Lead security discussions with the application teams to prescribe security best practices within their development lifecycle
• Perform dynamic and static application performance testing, perform security requirements creation or generation-level threat modeling leveraging tools, including SD Elements, and perform application-level testing using applications such as Burp Suite
• Work with the latest OWASP frameworks

Preferred Qualifications

• Experience with Interactive Application Security Testing (IAST) capabilities and tools
• Experience with Selenium
• Experience writing bash scripts
• Experience with OWASP ZAP or Burp Proxy