Application Security Engineer

$140,000 - $160,000/Yr

Motion Recruitment - Arlington, VA

posted 27 days ago

Full-time - Senior
Arlington, VA
Administrative and Support Services

About the position

As a Senior Application Security Engineer, you will be instrumental in enhancing the security of applications throughout their lifecycle. This role involves collaborating with development teams to implement security best practices, conducting thorough threat modeling, and utilizing OWASP ASVS techniques to identify and mitigate vulnerabilities. The position requires a hybrid work model with occasional onsite presence in Reston, VA.

Responsibilities

  • Lead and support the adoption of secure coding practices across development teams
  • Conduct in-depth threat modeling for both new and existing applications to identify potential security risks
  • Perform proactive security assessments and code analysis to uncover and address vulnerabilities
  • Participate in code reviews for languages such as Java, Python, etc.
  • Conduct both manual and automated secure code reviews for various programming languages
  • Collaborate with developers to provide actionable remediation guidance and promote secure coding practices
  • Implement and maintain automated security testing tools and processes
  • Assess third-party libraries and dependencies for potential security risks
  • Stay updated on evolving security threats, vulnerabilities, and technologies to continually enhance application security strategies
  • Work with cross-functional teams, including Engineering and Operations, to integrate security within the software development lifecycle (SDLC)

Requirements

  • Bachelor's degree in Computer Science, Information Technology, or a related field (or equivalent experience)
  • 10+ years of proven experience in Application Security Engineering or a similar position
  • Strong knowledge of OWASP ASVS and application security best practices
  • Solid experience with threat modeling methodologies and tools
  • 5+ years of hands-on development experience in one or more programming languages such as Java, C, C+, or Python
  • Expertise in secure coding practices (eg, encryption, authentication, secure API design)
  • Proficiency in security assessments, including penetration testing and code reviews
  • Experience with SAST, DAST, and SCA tools like CodeQL, Burp Suite Enterprise, etc.
  • Strong communication skills, with the ability to explain technical concepts to non-technical audiences
  • Certifications such as CEH or equivalent are a plus

Benefits

  • 15% bonus
© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service