Raventek Solution Partners LLC • posted about 2 months ago
Full-time • Senior
Ashburn, VA

About the position

The Senior Application Security Engineer position will support the U.S. Securities and Exchange Commission (SEC), providing support to the other Units and Offices within the SEC to ensure the success of the program’s mission. The performance of the Senior Application Security Engineer position is key to RavenTek’s performance on the SEC program, and therefore RavenTek’s mission to support the customer.

Responsibilities

  • Support and maintain Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and IDE Plug-in environments using Veracode.
  • Perform application security assessments and penetration testing to identify vulnerabilities and recommend remediation strategies.
  • Utilize Burp Suite to conduct security testing, including web application penetration testing and vulnerability assessments.
  • Design and implement enterprise-wide security controls to secure applications, systems, networks, and infrastructure services.
  • Work with development teams to integrate security best practices into the Software Development Life Cycle (SDLC).
  • Assist in securing enterprise web applications following OWASP Top 10, CVSS, CWE, WASC, and SANS-25 security standards.
  • Ensure compliance with federal security standards, including NIST 800-53, FIPS, and FedRAMP.
  • Support security scanning and vulnerability management for Java, Python, .NET, or C# applications.
  • Troubleshoot security vulnerabilities in Linux/UNIX environments and resolve basic website connectivity issues.
  • Develop and maintain security documentation and reports for compliance and audit purposes.
  • Provide Monthly Status Report (MSR) to RavenTek Program Manager by deadline provided.
  • Enter actual time worked, once complete, at the end of the day, or no later than 10:00 a.m. the following workday, and submit timesheets at the end of each pay period.
  • Monitor and respond to RavenTek email a minimum of 3 times per week.
  • Other duties as assigned.

Requirements

  • Expertise in Veracode for application security testing.
  • Strong understanding of SAST, DAST, and interactive security testing tools.
  • Proficiency in Java, Python, .NET, or C# for security assessments.
  • Hands-on experience with Burp Suite for penetration testing.
  • In-depth knowledge of federal compliance standards such as NIST 800-53, FIPS, and FedRAMP.
  • Familiarity with Eclipse, JDeveloper, Visual Studio, and secure pipeline development.
  • Ability to analyze and mitigate vulnerabilities identified in OWASP Top 10, CVSS, CWE, WASC, and SANS-25.
  • Strong troubleshooting skills in Linux/UNIX environments related to application security.
  • Ability to collaborate effectively with cross-functional teams, including developers, security engineers, and compliance professionals.

Nice-to-haves

  • Acceptable certifications include: OSCP, ISC2 CSSLP, ISC2 CISSP, CEH, or other Application Security related certifications.

Benefits

  • Ability to obtain a Public Trust clearance.

Job Keywords

Hard Skills
  • Ada
  • Burp Suite
  • Linux
  • Unix
  • Veracode