ZipRecruiter
Job Description
Position Title:
Senior Application Security Engineer
Location:
Washington, DC (Hybrid)
Job Requirements:
· Strong written and verbal communication skills
· Must have GitLab CI/CD pipeline experience
· Assist in the development and implementation of the DevSecOps strategy to include the definition and goals of the over-arching framework and methodologies
· Assist customers with implementing a secure CI/CD pipeline utilizing DevSecOps principles and practices to increase automation and reduce human involvement in the process
· Reviewing source code for potential security vulnerabilities
· Strong analytical skills to assess risks and vulnerabilities in complex systems
· Writing security test cases to check for vulnerabilities or broken/missing security controls.
· Implement automated security controls as part of CI/CD pipelines
· Support development teams with secure code (DAST, SAST, Dependency, Secret Detection, Container scans, etc.) reviews and other assessments to identify security weaknesses and vulnerabilities
· Establish and maintain secure coding standards and best practices to provide guidance and training to development teams on security best practices
· Recommend cyber defense and vulnerability assessment tools
· Review and research monthly continuous monitoring controls documentation tasks that are required by OIS
· Continuous Process Improvement, actively contribute to the development of standardized operating procedures (SOPs) for API security testing
· Collaborate closely with cross-functional teams, including system administrators and Information System Security Officers (ISSOs)
Security Clearance Requirement:
· Active Public Trust and eligible to obtain a Secret clearance
Certifications/Licenses:
· At least ten (10) years of experience working in cybersecurity or information technology with a bachelor’s degree. Minimum of 5 years’ experience in vulnerability management, application and software security team, malware analysis, digital forensics, data/network analysis, penetration testing, information assurance, leading incident handling
· Solid experience in application security and software development in one or more programming languages such as C#, Java, Python, etc.
· Experience with security tools such as SAST, DAST, IAST, SCA and other security tools
· Familiarity with industry-standard security frameworks such as OWASP, NIST, BSIMM, etc.
· Experience with CI/CD pipelines, security tool integration and secure SDLC
· Knowledge of current and emerging threats and techniques for exploiting security vulnerabilities
· CISSP, OSCP, any DevSecOps or other related Information Security certification
· Experience with cloud-based infrastructure (AWS, Azure, or GCP)
Company Description:
GSC is a leading cyber security and information technology company based in Washington, DC. We are looking to hire a Senior Security Application Engineer to support a full range of cyber security services on a long-term contract in Washington DC. The position is full-time/permanent and will support a US Government civilian agency. The position is available immediately upon finding a qualified candidate with the appropriate background and security clearance.