Application Security Engineer – Public Trust, Secret Clearance
District of Columbia, United States of America
Full Time
1 week ago
$120,000 - $140,000 USD
No Visa Sponsorship
Key skills
Java, Linux, Python, Selenium, Unix, .NET, C#, C, Bash, CI/CD, OWASP
About this role
Role Overview
Support Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and IDE Plug-in environments using Veracode and Burp Suite.
Design and implement enterprise-wide security controls to secure applications, systems, networks, or infrastructure services.
Secure enterprise web applications, with a focus on mitigating OWASP Top 10 risks, CVSS scoring, CWE, WASC, and SANS Top 25 vulnerabilities.
Integrate security practices into development workflows using IDEs such as Eclipse, JDeveloper (including pipeline development), or Visual Studio.
Perform application security testing and automation using tools such as OWASP ZAP, Burp Proxy, Selenium, and Interactive Application Security Testing (IAST) capabilities.
Write and maintain bash scripts to support security automation, testing, and troubleshooting tasks.
Participate in vulnerability discovery, triage, and remediation processes, including crowdsourced security programs via platforms like HackerOne.
Work in Linux or UNIX environments, including navigating file systems and troubleshooting basic website connectivity and security issues.
Ensure applications and security practices align with federal compliance standards, including NIST 800-53, FIPS, or FedRAMP.
Requirements
Minimum 6+ years of Information Technology experience with a focus on application and security engineering.
3+ years of hands-on experience supporting application security testing, including Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST).
Demonstrated experience with SAST, DAST, and IDE plug-in integrations using tools such as Veracode and Burp Suite.
Experience with Interactive Application Security Testing (IAST) tools and methodologies.
Proficiency using OWASP ZAP and/or Burp Proxy for web application security testing.
Experience participating in vulnerability discovery and remediation programs, including HackerOne.
Experience with test automation tools, including Selenium.
Proficiency in bash scripting for security automation, testing, and troubleshooting.
2+ years of development experience in one or more programming languages, including Java, Python, .NET, or C#.
Experience integrating security into development workflows using Eclipse, JDeveloper (including CI/CD pipeline development), or Visual Studio.
3+ years of experience designing and implementing enterprise-wide security controls to secure applications, systems, networks, or infrastructure services.
Hands-on experience securing enterprise web applications, with strong knowledge of OWASP Top 10, CVSS, CWE, WASC, and SANS Top 25 vulnerabilities.
Knowledge of federal compliance and security frameworks, including NIST 800-53, FIPS, and FedRAMP.
Working knowledge of Linux or UNIX environments, including file system navigation and troubleshooting basic website connectivity issues.
High School Diploma or GED required.
Public Trust Determination or Active Security clearance (preferred)