phia, LLCposted about 1 month ago
Full-time - Mid Level
Washington, DC
About the position
phia is seeking an Application Security Engineer with hands-on experience using Veracode for application security testing and vulnerability management. The ideal applicant should be proficient in utilizing Veracode's static and dynamic analysis tools and interpreting scan results, and able to provide clear and actionable remediation guidance. This individual will work with the Federal client to maintain a resilient security posture for highly visible applications. This position allows you to work remotely from anywhere within the United States. U.S. citizenship is required, and able to obtain Public Trust approval.
Responsibilities
- Collaborate with the federal client and application teams to maintain a robust security posture for high-visibility applications
- Lead proactive security discussions with development teams to integrate best practices throughout the software development lifecycle
- Conduct comprehensive application security assessments using dynamic and static testing methodologies
- Perform threat modeling and security requirements analysis using tools like SD Elements
- Execute in-depth application penetration testing using industry-standard tools such as Burp Suite
- Implement and leverage the latest OWASP frameworks to enhance application security
- Develop and maintain security controls to protect applications, systems, and infrastructure services
- Provide expert guidance on remediating identified security flaws and vulnerabilities
- Stay current with evolving security threats and compliance standards to ensure continuous improvement of security measures
Requirements
- Veracode experience is a must
- 6+ years of Information Technology experience
- 3+ years of experience with supporting Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and IDE Plug-in environments using Veracode
- 2+ years of experience with Java, Python, .NET, or C#
- 3+ years of experience with Burp Suite
- 3+ years of experience using the design and implementation of enterprise-wide security controls to secure applications, systems, network, or infrastructure services
- Experience with Eclipse, JDeveloper, including pipeline development, or Visual Studio
- Experience with securing enterprise web applications and OWASP Top 10, CVSS, CWE, WASC, and SANS-25
- Knowledge of federal compliance standards, including NIST 800-53, FIPS, or FedRAMP
- Knowledge of Linux or UNIX environments, including navigating and troubleshooting basic website connectivity issues
- Ability to obtain a security clearance
- HS diploma or GED
- U.S. citizenship and ability to obtain a Public Trust clearance
Nice-to-haves
- Bachelor's degree in Computer Science, Information Technology, Information Security, or a related field
- Experience with Interactive Application Security Testing (IAST) tools and methodologies
- Proficiency with Selenium for automated testing
- Skill in writing bash scripts for security automation
- Hands-on experience with OWASP ZAP or Burp Proxy
- Certifications in application security or related fields (e.g., CSSLP, OSCP, GWAPT)
Benefits
- Comprehensive medical insurance to include dental and vision
- Short Term & Long-Term Disability
- 401k Retirement Savings Plan with Company Match
- Tuition and Professional Development Assistance
- Flex Spending Accounts (FSA)
Hard Skills
VeraCode
4
Burp Suite
2
Eclipse
1
Experience API
1
JDeveloper
1
3KAkS ciVX2dKsva6
0
5YO3B 6yfM
0
5hTcWC60gA9z bYos54cN7
0
9Fkj 06J3NCuDm41s Vh0xjzst6
0
AEjNJSm1f0h HpKyvtUbl5Mx
0
AYkS8KHavg c5kBfoy3TdnvgG
0
AlKuHe2nq LvF29gaMU3zD
0
DFkbr9HVx1yizI WxOTkv59EJ8
0
ENP8LJYif 3qDgoEa1VjibU OuDz8T2oL
0
F4Rle98wd AmeGtrgL
0
FVSdsHmNK3a8 0YTl4RU2dGP
0
GqySVnjz7rc1 vMNpD8sQG
0
HTJv7B
0
I0hn6GJyqAk8 0cJ6HNIGV NP1Lyedh
0
JNWS7Gosw j6a9bR0
0
MlIPmNinLjpG 7k4tuQyz6
0
O2ST0UFrt ZorFSA1DI9h2vud
0
ScHX3kQBJMr0 YDjMrqCkR EerS3Ctu
0
U243fvj1q 0houPFckx
0
UrXxRbO2g XQCNU74Vi
0
UrsiGQYF2qx dj9PCQNTq
0
b4S1fdaPN
0
cjzbAyrSdoDX GlP5mcgnu
0
frZCX7KdUyD6 FJeBI6Dk4
0
gEnm5
0
hP1YuxmwGKB7 QZB6twnM
0
kyZWsSHiltFI uvHqLcDf96
0
lE5mJsNLq7ot XOf17VqZm
0
lkOVXBgHN qPEymWt6a7
0
nPpoKq7Y8k nLXhT
0
stAaS5CbK PbC64Ek8R5yi
0
tVHz1Zp
0
wPv51
0
zm17TZ OrVK8Y214
0
Soft Skills
8RsFABM6 wFYXuQ9x
0
xnKGqLm4 yGcukzYM
0
A Smarter and Faster Way to Build Your Resume