Deloitte - Richmond, VA
posted 21 days ago
Full-time - Mid Level
Richmond, VA
10,001+ employees
Professional, Scientific, and Technical Services
About the position
The Application Security Engineer will be responsible for ensuring the security of software application deployments within Deloitte's Government and Public Services Cyber Practice. This role involves conducting security assessments, analyzing code for vulnerabilities, and collaborating with development teams to implement effective security measures. The successful candidate will lead a team of analysts and work closely with customers and system integrators to identify and remediate security vulnerabilities, ensuring compliance with security standards and regulations.
Responsibilities
- Develop and document policies to ensure the security of software application deployments.
- Conduct security assessments and analyze code for vulnerabilities.
- Collaborate with development teams to recommend effective security measures.
- Lead a team of analysts in enhancing application security practices.
- Monitor and respond to security incidents related to applications.
- Collaborate with the incident response team to investigate and mitigate security breaches.
- Stay up-to-date with the latest security threats and industry best practices.
- Design and implement application security standards and guidelines.
- Oversee the development and improvement of application security policies and procedures.
- Ensure applications comply with relevant security standards and regulations.
- Provide guidance on secure coding practices and address security findings.
- Identify and recommend remediation for security vulnerabilities in applications, APIs, and web services.
- Work closely with DevOps and IT teams to automate security testing processes.
Requirements
- Bachelor's degree in Computer Science, Information Security, or related field.
- 3-5 years of experience in application security or related roles.
- Active Secret Security Clearance.
- Experience with web application security principles.
- Experience with SAST and DAST tools.
- Proficiency in programming languages such as Java, Python, C++, C#, or others.
- Familiarity with security frameworks and compliance standards (e.g., OWASP, NIST, ISO 27001).
- Understanding of secure coding practices and the OWASP Top 10.
- Experience with DevOps practices and tools.
- Must be legally authorized to work in the United States without the need for employer sponsorship.
Nice-to-haves
- Industry certifications such as CISSP, CSSLP, or CEH.
- Experience with cloud security (AWS, Azure, or GCP).
- Knowledge of container security (Docker, Kubernetes).
- Familiarity with scripting languages (Python, Ruby, etc.).
Benefits
- Broad range of employee benefits including health insurance, professional development opportunities, and a diverse and inclusive culture.
