Take2 Consulting, LLC is seeking an Application Security Tooling Administrator to enhance a defense agency’s application security scanning ecosystem throughout the software development life cycle. The role involves operating various application security tools and ensuring scalable security controls in regulated environments.
Responsibilities:
- Help design, operate, and continuously improve a defense agency’s application security (AppSec) scanning ecosystem across the software development life cycle (SDLC)
- Run and integrate software composition analysis (SCA) with Sonatype, static application security testing (SAST) with Fortify, container/Kubernetes security with Red Hat Advanced Cluster Security (StackRox), and dynamic application security testing (DAST) with Burp Suite
- Ensure scalable, auditable, mission-ready security controls in regulated environments
Requirements:
- Active Secret clearance required
- Experience in application security engineering and/or DevSecOps in regulated environments
- Hands-on administration and pipeline integration experience with Sonatype (Nexus IQ/Lifecycle), Fortify (SCA/SSC), StackRox/Red Hat ACS, and Burp Suite (Professional/Enterprise preferred)
- Strong CI/CD and automation skills; ability to implement repeatable integrations and policy gates
- Working knowledge of secure SDLC, OWASP Top 10, dependency risk, SBOM concepts, and container/Kubernetes security
- Linux administration, networking fundamentals, TLS/cert management, identity integration (SSO/LDAP)
- Common languages/build systems (e.g., Java/Maven/Gradle, .NET/NuGet, Node/npm, Python/pip)
- Oracle Cloud Infrastructure
- Familiarity with registries and orchestration: Harbor/Artifactory/ECR, Kubernetes/OpenShift, Helm
- DoD/IC experience with RMF, STIGs, and vulnerability management processes
- Experience integrating with SIEM/SOAR and ticketing (e.g., Splunk, ServiceNow, Jira)
- Relevant certifications (one or more): Security+, CISSP, CSSLP, GIAC, Kubernetes security certs