ShorePoint Inc is a fast-growing cybersecurity services firm that focuses on protecting data for high-profile customers. They are seeking an Application Security Engineer to integrate security testing into the software development lifecycle and manage application security testing capabilities using tools like Burp Suite and Veracode.
Responsibilities:
- Support and operate application security testing capabilities across SAST, DAST and IDE plug-in environments, with primary focus on Burp Suite and Veracode
- Configure, maintain and troubleshoot Burp Suite and Veracode integrations to enable consistent application security testing workflows
- Partner with development and engineering teams to identify, validate and remediate security vulnerabilities
- Apply vulnerability standards and scoring methodologies to findings, including OWASP Top 10, CVSS, CWE, WASC and SANS-25
- Navigate and troubleshoot within Linux or UNIX environments, including basic website connectivity issues
- Support the design and implementation of enterprise-wide security controls that secure applications, systems, networks or infrastructure services
- Use IDEs and development toolchains (Eclipse, JDeveloper, Visual Studio) to support developer workflows, including pipeline development activities where applicable
- Support compliance-aligned security activities in federal environments leveraging NIST 800-53, FIPS and/or FedRAMP standards
Requirements:
- Bachelor's degree in an IT-related field
- 6+ years of Information Technology experience
- 3+ years of experience supporting SAST, DAST and IDE plug-in environments using Burp Suite, including 3+ years of hands-on Burp Suite experience
- 1+ year of experience supporting SAST, DAST and IDE plug-in environments using Veracode
- 3+ years of experience using the design and implementation of enterprise-wide security controls to secure applications, systems, networks or infrastructure services
- 2+ years of experience with Java, Python, .NET or C#
- 2+ years of experience working in Linux-based environments, including navigating and troubleshooting basic website connectivity issues
- Proven ability to analyze complex requirements and translate them into clear, actionable tasks and processes through critical thinking
- Experience with Eclipse, JDeveloper and/or Visual Studio, including pipeline development experience
- Experience securing enterprise web applications, including familiarity with OWASP Top 10, CVSS, CWE, WASC and SANS-25
- Knowledge of federal compliance standards, including NIST 800-53, FIPS and/or FedRAMP
- Applicants must be a U.S. citizen in compliance with federal contract requirements
- Industry recognized certifications
- Experience with Interactive Application Security Testing (IAST) tools and capabilities
- Experience with HackerOne
- Experience with Selenium
- Experience writing bash scripts
- Experience with OWASP ZAP or Burp Proxy