Deloitte - Richmond, VA

posted 20 days ago

Full-time - Mid Level
Richmond, VA
10,001+ employees
Professional, Scientific, and Technical Services

About the position

The Application Security Engineer at Deloitte's Government and Public Services Cyber Practice will be responsible for enhancing application security practices by developing policies, conducting security assessments, and collaborating with development teams. This role involves leading a team of analysts to identify and remediate security vulnerabilities in software applications, ensuring compliance with security standards, and staying updated on the latest security threats and best practices.

Responsibilities

  • Develop and document policies to ensure the security of software application deployments.
  • Conduct security assessments and analyze code for vulnerabilities.
  • Collaborate with development teams to recommend effective security measures.
  • Lead a team of analysts in enhancing application security practices.
  • Monitor and respond to security incidents related to applications.
  • Collaborate with incident response teams to investigate and mitigate security breaches.
  • Design and implement application security standards and guidelines.
  • Oversee the development and improvement of application security policies and procedures.
  • Ensure compliance with relevant security standards and regulations.
  • Provide guidance on secure coding practices and address security findings.

Requirements

  • Bachelor's degree in Computer Science, Information Security, or related field.
  • 3-5 years of experience in application security or related roles.
  • Active Secret Security Clearance.
  • Experience with web application security principles.
  • Experience with SAST and DAST tools.
  • Proficiency in programming languages such as Java, Python, C++, C#, or others.
  • Familiarity with security frameworks and compliance standards (e.g., OWASP, NIST, ISO 27001).
  • Understanding of secure coding practices and the OWASP Top 10.
  • Experience with DevOps practices and tools.
  • Must be legally authorized to work in the United States without the need for employer sponsorship.

Nice-to-haves

  • Industry certifications such as CISSP, CSSLP, or CEH.
  • Experience with cloud security (AWS, Azure, or GCP).
  • Knowledge of container security (Docker, Kubernetes).
  • Familiarity with scripting languages (Python, Ruby, etc.).