What are the responsibilities and job description for the Senior Application Security Engineer position at ConsultNet Technology Services and Solutions?
Job Title: Senior Application Security Engineer
Location: Rockville, Maryland (Hybrid 2x week)
Target Start Date: April 1, 2025
Type: Long term contract
Pay Rate: up to $80/hour DOE
Overview:
The Senior Application Security Engineer will be responsible for planning, coordinating, and implementing security best practices throughout the Software Development Life Cycle (SDLC). This includes testing, vulnerability remediation support, security tool evaluation, and incorporating innovative solutions to enhance secure code review capabilities.
Key Responsibilities:
- Perform comprehensive security assessments, including manual penetration testing, using tools such as Burp Suite and other relevant proxy tools.
- Analyze and prioritize vulnerabilities identified through Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Interactive Application Security Testing (IAST), with a focus on timely remediation.
- Integrate security practices into CI/CD pipelines to support DevSecOps initiatives and improve application security across the development process.
- Maintain detailed documentation of security findings, remediation plans, and compliance requirements.
- Develop, interpret, and enforce security policies and procedures.
- Participate in company-wide security compliance efforts and audits.
- Design and deliver security training materials, including general awareness and specialized technical security topics.
- Evaluate emerging security products, tools, and technologies, and recommend their adoption to enhance security posture.
- Leverage Generative AI (GenAI) technologies to scale application security reviews and automate code analysis.
- Conduct in-depth evaluations of various application security tools and capabilities, including SAST, DAST, Infrastructure-as-Code (IaC) scanning, and secret detection tools.
- Stay up to date on the latest security threats, vulnerabilities, and countermeasures.
- Provide security awareness training to developers and assurance engineers, focusing on common security issues and best practices.
- Conduct AWS configuration reviews to ensure secure infrastructure setup.
Qualifications:
- Education: Bachelor's degree in Computer Science, Computer Engineering, or a related technical field.
- Experience: 5 years of hands-on experience in Cybersecurity and Application Security.
- Tools & Technologies:
  - Familiarity with SAST, DAST, IAST tools.
  - Deep understanding of AWS security practices and configuration reviews.
  - Proficiency with CI/CD tools such as Jenkins and GitLab.
  - Experience with GenAI tools is a plus.
- Security Knowledge:
  - Strong understanding of OWASP Top 10 vulnerabilities and best practices for remediation.
  - Expertise in system and network security, cryptography, authentication and security protocols, and application security.
  - Solid background in vulnerability testing and auditing at both the infrastructure and application levels.
- Programming Skills: Proficiency in one or more programming languages (Java, Python, JavaScript preferred).
- Certifications:
  - Relevant certifications such as GWAPT, OSWE, Burp Suite Certified Practitioner are preferred.
- Additional Skills:
  - A software development background is a plus.
  - Ability to consistently implement security solutions and drive initiatives to improve application security.
Salary: $65 - $80