GuidePoint SecurityRemote
Application Security Engineer - Mid-Atlantic region (Remote in VA, MD, PA, NC, DE, NJ, or DC)
United States of America
Full Time
1 hour ago
No H1B
Key skills
Black DuckCheckmarxContinuous Integration / Continuous Delivery (CI/CD) toolsSoftware engineeringFull stack software developmentScriptingAutomationApplication security fundamentalsOWASP Top 10Threat modelingSecure coding practicesSoftware Development Lifecycle (SDLC)Static Application Security Testing (SAST) toolsSemgrepCodeQLVeracodeInteractive Application Security Testing (IAST)Dynamic Application Security Testing (DAST)API securitySoftware Composition Analysis (SCA)API Security toolsBurp SuiteSecure Development LifecyclesVulnerability triagingVulnerability remediationAutomated security testingSecurity tools integration in CI/CD pipelinesApplication securityAzureJenkinsGitHub ActionsCircleCIAzure DevOpsGitHubGitLabSDLCCI/CDCommunicationOWASP
About this role
GuidePoint Security is a rapidly growing cybersecurity company that provides trusted expertise and solutions to organizations, including Fortune 500 companies and U.S. government agencies. They are seeking an Application Security Engineer to implement and troubleshoot application security tools, ensure secure coding practices, and integrate security into the software development lifecycle.
Responsibilities:
- Proficiency with the implementation, operationalization, and troubleshooting of Black Duck and Checkmarx
- Understanding of Continuous Integration / Continuous Delivery (CI/CD) pipeline tools and processes (e.g. GitHub Actions, GitLab Runners, Azure DevOps, Jenkins, CircleCI, etc.)
- Experience in software engineering, ideally full stack software development, including modern technologies and application architectures
- Strong scripting and automation experience using one or more programming languages
- Solid working knowledge of application security fundamentals including the OWASP Top 10, threat modeling, and implementing secure coding practices throughout the Software Development Lifecycle (SDLC)
- Excellent written and verbal communication skills
- Proficiency with the implementation, operationalization, and troubleshooting of other Static Application Security Testing (SAST) tools such as Semgrep, CodeQL, Veracode, etc
- Experience writing or adapting custom SAST rules (Semgrep or CodeQL)
- Familiarity with additional Application Security tools (e.g. Interactive (IAST), Dynamic (DAST) and API security, SCA, etc.)
- Familiarity with API Security tools (e.g., NoName, Traceable, Salt, Cequence)
- Practical hands-on experience validating vulnerabilities and proficiency with Burp Suite
- Strong working knowledge of Secure Development Lifecycles and experience triaging and remediating technical vulnerabilities identified by web application scanning tools
- Understanding of automated security testing approaches and tools
- Experience in building and operating security tools within CI/CD pipelines
- Experience with proactive integration of security into the development process
- Past experience as an application security practitioner or software engineer
Requirements:
- Proficiency with the implementation, operationalization, and troubleshooting of Black Duck and Checkmarx
- Understanding of Continuous Integration / Continuous Delivery (CI/CD) pipeline tools and processes (e.g. GitHub Actions, GitLab Runners, Azure DevOps, Jenkins, CircleCI, etc.)
- Experience in software engineering, ideally full stack software development, including modern technologies and application architectures
- Strong scripting and automation experience using one or more programming languages
- Solid working knowledge of application security fundamentals including the OWASP Top 10, threat modeling, and implementing secure coding practices throughout the Software Development Lifecycle (SDLC)
- Excellent written and verbal communication skills
- Bachelor's degree in a relevant discipline or equivalent experience
- 3-5 years of security engineering experience in the Information Security industry
- Proficiency with the implementation, operationalization, and troubleshooting of other Static Application Security Testing (SAST) tools such as Semgrep, CodeQL, Veracode, etc
- Experience writing or adapting custom SAST rules (Semgrep or CodeQL)
- Familiarity with additional Application Security tools (e.g. Interactive (IAST), Dynamic (DAST) and API security, SCA, etc.)
- Familiarity with API Security tools (e.g., NoName, Traceable, Salt, Cequence)
- Practical hands-on experience validating vulnerabilities and proficiency with Burp Suite
- Strong working knowledge of Secure Development Lifecycles and experience triaging and remediating technical vulnerabilities identified by web application scanning tools
- Understanding of automated security testing approaches and tools
- Experience in building and operating security tools within CI/CD pipelines
- Experience with proactive integration of security into the development process
- Past experience as an application security practitioner or software engineer