Senior Application Security Engineer

Software Guidance & Assistance, Inc., (SGA), is searching for a Senior Application Security Engineer for a Contract assignment with one of our premier Regulatory clients in Rockville, MD.

This role is hybrid (2 days/week Oniste).

The main function of senior application security engineer is to plan, coordinate and implement application security practices in each phase of software development life cycle though testing, remediation support, tool evaluation, etc. This role involves in evaluating security vulnerabilities, security tools, implementing security solutions, and leveraging latest solutions to secure code review capabilities.

Responsibilities :

• Perform security assessments and manual penetration testing using tools such as Burp Suite and other proxy tools.
• Triage static (SAST), dynamic (DAST), interactive (IAST) analysis results to identify, prioritize and remediate security vulnerabilities.
• Integrate security practices into C/CD pipeline to support DevSecOps initiative.
• Maintain documentation of security findings, remediation plans, and compliance requirements
• Develop and interpret security policies and procedures Participate in security compliance efforts
• Develop and deliver training materials and perform general security awareness and specific security technology training
• Evaluate and recommend new and emerging security products and technologies
• Leverage GenAI technologies to scale application security reviews and automate code analysis
• Evaluate various application security tools/capabilities i.e., SAST,DAST, IaC, Secrets detection tools
• Stay current with emerging security threats and countermeasures.
• Ability to train or explain the common security issues to raise the security awareness among developers and assurance engineers.
• Perform AWS configuration reviews

Required Skills:

• Bachelor's degree in a technical field such as computer science, computer engineering or related field required
• 5 years of experience required in Cyber security and application security
• Familiarity with SAST, DAST, IAST tools.
• Understanding of AWS is required
• Deep understanding of OWASP top issues and remediation guidelines.
• Proficiency in one or more programming language ( Java, Python, JavaScript is preferred)
• Understanding of CI/CD tools such as Jenkins and GITLAB.
• Familiarity with GenAI tools is a plus.
• Strong experience and detailed technical knowledge in security engineering, system and network security, authentication and security protocols, cryptography, and application security
• Candidates with software development background is a plus
• Consistent implementation of security solutions
• Experience in infrastructure or application-level vulnerability testing and auditing

Preferred Skills:

• Certifications like GWAPT, OSWE, Burp Suite Certified Practitioner

SGA is a technology and resource solutions provider driven to stand out. We are a women-owned business. Our mission: to solve big IT problems with a more personal, boutique approach. Each year, we match consultants like you to more than 1,000 engagements. When we say let's work better together, we mean it. You'll join a diverse team built on these core values: customer service, employee development, and quality and integrity in everything we do. Be yourself, love what you do and find your passion at work. Please find us at .

SGA is an Equal Opportunity Employer and does not discriminate on the basis of Race, Color, Sex, Sexual Orientation, Gender Identity, Religion, National Origin, Disability, Veteran Status, Age, Marital Status, Pregnancy, Genetic Information, or Other Legally Protected Status. We are committed to providing access, equal opportunity, and reasonable accommodation for individuals with disabilities in employment, and our services, programs, and activities. Please visit our company to request an accommodation or assistance regarding our policy.

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.