Senior Application Security Engineer

Summary

Join Agile Defense as a Senior Application Security Engineer and contribute to maintaining a resilient security posture for high-visibility applications. Collaborate with clients and application teams to remediate security flaws and implement best practices. Conduct dynamic and static application performance testing, threat modeling, and application-level testing using tools like Burp Suite and SD Elements. Work with OWASP frameworks and possess experience in securing enterprise web applications. This remote position requires a minimum of 6 years of IT experience and specific expertise in SAST, DAST, and various programming languages. The ideal candidate will also have experience with IAST, HackerOne, and Selenium.

Requirements

• HS diploma or GED
• Burp and Veracode are currently the areas of focus
• 6+ years of Information Technology experience
• 3+ years of experience with supporting Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and IDE Plug-in environments using Veracode and Burp Suite
• 2+ years of experience with Java, Python, .NET, or C#
• 3+ years of experience using the design and implementation of enterprise-wide security controls to secure applications, systems, network, or infrastructure services
• Experience with Eclipse, JDeveloper, including pipeline development, or Visual Studio
• Experience with securing enterprise web applications and OWASP Top 10, CVSS, CWE, WASC, and SANS-25
• Knowledge of federal compliance standards, including NIST 800-53, FIPS, or FedRAMP
• Knowledge of Linux or UNIX environments, including navigating and troubleshooting basic website connectivity issues
• Ability to obtain a security clearance

Responsibilities

• Remediate application security flaws in conjunction with the application security team
• Lead security discussions with the application teams to prescribe security best practices within their development lifecycle
• Perform dynamic and static application performance testing, perform security requirements creation or generation-level threat modeling leveraging tools, including SD Elements, and perform application-level testing using applications such as Burp Suite
• Work with the latest OWASP frameworks

Preferred Qualifications

• Experience with Interactive Application Security Testing (IAST) capabilities and tools
• Experience with HackerOne
• Experience with Selenium
• Experience writing bash scripts
• Experience with OWASP ZAP or Burp Proxy