Phia Group - Washington, DC

posted 26 days ago

Full-time - Mid Level
Washington, DC
Professional, Scientific, and Technical Services

About the position

The Application Security Engineer at phia will work closely with federal clients to ensure a strong security posture for high-visibility applications. This role involves proactive collaboration with development teams, conducting security assessments, and implementing security controls to protect applications and infrastructure. The position allows for remote work from anywhere in the U.S., and candidates must be U.S. citizens capable of obtaining a Public Trust clearance.

Responsibilities

  • Collaborate with the federal client and application teams to maintain a robust security posture for high-visibility applications
  • Lead proactive security discussions with development teams to integrate best practices throughout the software development lifecycle
  • Conduct comprehensive application security assessments using dynamic and static testing methodologies
  • Perform threat modeling and security requirements analysis using tools like SD Elements
  • Execute in-depth application penetration testing using industry-standard tools such as Burp Suite
  • Implement and leverage the latest OWASP frameworks to enhance application security
  • Develop and maintain security controls to protect applications, systems, and infrastructure services
  • Provide expert guidance on remediating identified security flaws and vulnerabilities
  • Stay current with evolving security threats and compliance standards to ensure continuous improvement of security measures

Requirements

  • 6+ years of Information Technology experience
  • 3+ years of experience with Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and IDE Plug-in environments, particularly using Veracode
  • 2+ years of hands-on experience with Java, Python, .NET, or C#
  • 3+ years of proficiency with Burp Suite for application security testing
  • 3+ years of experience designing and implementing enterprise-wide security controls
  • Expertise in securing enterprise web applications and thorough knowledge of OWASP Top 10, CVSS, CWE, WASC, and SANS-25
  • Familiarity with federal compliance standards, including NIST 800-53, FIPS, and FedRAMP
  • Proficiency in Linux or UNIX environments, including troubleshooting website connectivity issues
  • Experience with development environments such as Eclipse, JDeveloper, or Visual Studio
  • Strong understanding of CI/CD pipeline security integration
  • U.S. citizenship and ability to obtain a Public Trust clearance

Nice-to-haves

  • Bachelor's degree in Computer Science, Information Technology, Information Security, or a related field
  • Experience with Interactive Application Security Testing (IAST) tools and methodologies
  • Proficiency with Selenium for automated testing
  • Skill in writing bash scripts for security automation
  • Hands-on experience with OWASP ZAP or Burp Proxy
  • Certifications in application security or related fields (e.g., CSSLP, OSCP, GWAPT)

Benefits

  • Comprehensive medical insurance to include dental and vision
  • Short Term & Long-Term Disability
  • 401k Retirement Savings Plan with Company Match
  • Tuition and Professional Development Assistance
  • Flex Spending Accounts (FSA)