Application Security Engineer

$75,600 - $172,000/Yr

Booz Allen Hamilton - Washington, DC

posted about 2 months ago

Part-time, Full-time - Mid Level
Washington, DC
Professional, Scientific, and Technical Services

About the position

The Application Security Engineer will collaborate with clients and the application community to enhance and maintain a robust security posture for critical applications. This role involves remediating application security vulnerabilities, leading security discussions, and implementing security best practices throughout the development lifecycle. The engineer will conduct dynamic and static application testing, generate security requirements, and utilize various tools to ensure application security compliance with industry standards.

Responsibilities

  • Support and maintain a resilient security posture for highly visible applications.
  • Remediate application security flaws in collaboration with the application security team.
  • Lead security discussions with application teams to prescribe security best practices.
  • Perform dynamic and static application performance testing.
  • Create security requirements and conduct threat modeling using tools like SD Elements.
  • Conduct application-level testing using tools such as Burp Suite.
  • Work with OWASP frameworks to ensure application security.

Requirements

  • 5+ years of experience with Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST).
  • 5+ years of experience in designing and implementing enterprise-wide security controls.
  • Experience securing enterprise web applications and familiarity with OWASP Top 10, CVSS, CWE, WASC, and SANS-25.
  • Experience with Cloud technologies, including Azure or AWS.
  • Experience supporting security reviews within a DevSecOps framework.
  • Knowledge of federal compliance standards, including NIST 800-53, FIPS, or FedRAMP.
  • Ability to obtain a Secret clearance.
  • Bachelor's degree.

Nice-to-haves

  • Experience with Interactive Application Security Testing (IAST) tools.
  • Experience with OWASP ZAP or Burp Proxy.
  • Experience implementing continuous monitoring solutions in an Agile framework.
  • Experience developing Body of Evidence artifacts for Certification and Accreditation (C&A).
  • Knowledge of Linux or UNIX environments.
  • Possession of excellent verbal and written communication skills.
  • CISSP or CCSP certification.

Benefits

  • Health insurance coverage.
  • Life insurance coverage.
  • Disability insurance coverage.
  • Financial and retirement benefits.
  • Paid leave.
  • Professional development opportunities.
  • Tuition assistance programs.
  • Work-life balance programs.
  • Dependent care support.