Senior Application Security Engineer

Raventek Solution Partners LLC, Ashburn, VA

About The Position

The Senior Application Security Engineer position will support the U.S. Securities and Exchange Commission (SEC), providing support to the other Units and Offices within the SEC to ensure the success of the program’s mission. The performance of the Senior Application Security Engineer position is key to RavenTek’s performance on the SEC program, and therefore RavenTek’s mission to support the customer.

Requirements

  • Expertise in Veracode for application security testing.
  • Strong understanding of SAST, DAST, and interactive security testing tools.
  • Proficiency in Java, Python, .NET, or C# for security assessments.
  • Hands-on experience with Burp Suite for penetration testing.
  • In-depth knowledge of federal compliance standards such as NIST 800-53, FIPS, and FedRAMP.
  • Familiarity with Eclipse, JDeveloper, Visual Studio, and secure pipeline development.
  • Ability to analyze and mitigate vulnerabilities identified in OWASP Top 10, CVSS, CWE, WASC, and SANS-25.
  • Strong troubleshooting skills in Linux/UNIX environments related to application security.
  • Ability to collaborate effectively with cross-functional teams, including developers, security engineers, and compliance professionals.

Nice To Haves

  • Acceptable certifications include: OSCP, ISC2 CSSLP, ISC2 CISSP, CEH, or other Application Security related certifications.

Responsibilities

  • Support and maintain Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and IDE Plug-in environments using Veracode.
  • Perform application security assessments and penetration testing to identify vulnerabilities and recommend remediation strategies.
  • Utilize Burp Suite to conduct security testing, including web application penetration testing and vulnerability assessments.
  • Design and implement enterprise-wide security controls to secure applications, systems, networks, and infrastructure services.
  • Work with development teams to integrate security best practices into the Software Development Life Cycle (SDLC).
  • Assist in securing enterprise web applications following OWASP Top 10, CVSS, CWE, WASC, and SANS-25 security standards.
  • Ensure compliance with federal security standards, including NIST 800-53, FIPS, and FedRAMP.
  • Support security scanning and vulnerability management for Java, Python, .NET, or C# applications.
  • Troubleshoot security vulnerabilities in Linux/UNIX environments and resolve basic website connectivity issues.
  • Develop and maintain security documentation and reports for compliance and audit purposes.
  • Provide Monthly Status Report (MSR) to RavenTek Program Manager by deadline provided.
  • Enter actual time worked, once complete, at the end of the day, or no later than 10:00 a.m. the following workday, and submit timesheets at the end of each pay period.
  • Monitor and respond to RavenTek email a minimum of 3 times per week.
  • Other duties as assigned.

Benefits

  • Ability to obtain a Public Trust clearance.