Energy Jobline ZR
Senior Application Security Engineer in Washington
Energy Jobline ZR, Olympia, Washington, United States
Position Title:
Senior Application Security Engineer Location:
Washington, DC (Hybrid) Job Requirements:
Strong written and verbal communication skills
Must have GitLab CI/CD pipeline experience
Assist in the development and implementation of the DevSecOps strategy to include the definition and goals of the over-arching framework and methodologies
Assist customers with implementing a secure CI/CD pipeline utilizing DevSecOps principles and practices to increase automation and reduce human involvement in the process
Reviewing source code for potential security vulnerabilities
Strong analytical skills to assess risks and vulnerabilities in complex systems
Writing security test cases to check for vulnerabilities or broken/missing security controls.
Implement automated security controls as part of CI/CD pipelines
Support development teams with secure code (DAST, SAST, Dependency, Secret Detection, Container scans, etc.) reviews and other assessments to identify security weaknesses and vulnerabilities
Establish and maintain secure coding standards and best practices to provide guidance and training to development teams on security best practices
Recommend cyber defense and vulnerability assessment tools
Review and research monthly continuous monitoring controls documentation tasks that is required by OIS
Continuous Process Improvement, actively contribute to the development of standardized operating procedures (SOPs) for API security testing
Collaborate closely with cross-functional teams, including system administrators and Information System Security Officers (ISSOs)
Security Clearance Requirement:
Active Public Trust and eligible to obtain a Secret clearance
Certifications/Licenses:
At least Ten (10) years of experience working in cybersecurity or information technology with a bachelor’s degree. Minimum of 5 years’ experience in vulnerability management, application and software security team, Malware analysis, digital forensics, data/network analysis, penetration testing, information assurance, leading incident handling
Solid experience in application security and software development in one or more programming such as C#, Java, Python, etc
Experience with security tools such as SAST, DAST, IAST, SCA and other security tools
Familiarity with industry-standard security frameworks such as OWASP, NIST, BSIMM etc
Experience with CICD pipeline, security tools integration and secure SDLC
Knowledge of current and emerging threats and techniques for exploiting security vulnerabilities
CISSP, OSCP, any DevSecOps or other related Information Security certification
Experience with cloud-based infrastructure (AWS, Azure, or GCP)
Company Description: GSC is a leading cyber security and information technology company based in Washington, DC. We are looking to hire a Senior Security Application Engineer to support a full range of cyber security services on a long-term contract in Washington DC. The position is full-time/permanent and will support a US Government civilian agency. The position is available immediately upon finding a qualified candidate with the appropriate background and security clearance.
If you are interested in applying for this job please press the Apply Button and follow the application process. Energy Jobline wishes you the very best of luck in your next career move.
#J-18808-Ljbffr
Senior Application Security Engineer Location:
Washington, DC (Hybrid) Job Requirements:
Strong written and verbal communication skills
Must have GitLab CI/CD pipeline experience
Assist in the development and implementation of the DevSecOps strategy to include the definition and goals of the over-arching framework and methodologies
Assist customers with implementing a secure CI/CD pipeline utilizing DevSecOps principles and practices to increase automation and reduce human involvement in the process
Reviewing source code for potential security vulnerabilities
Strong analytical skills to assess risks and vulnerabilities in complex systems
Writing security test cases to check for vulnerabilities or broken/missing security controls.
Implement automated security controls as part of CI/CD pipelines
Support development teams with secure code (DAST, SAST, Dependency, Secret Detection, Container scans, etc.) reviews and other assessments to identify security weaknesses and vulnerabilities
Establish and maintain secure coding standards and best practices to provide guidance and training to development teams on security best practices
Recommend cyber defense and vulnerability assessment tools
Review and research monthly continuous monitoring controls documentation tasks that is required by OIS
Continuous Process Improvement, actively contribute to the development of standardized operating procedures (SOPs) for API security testing
Collaborate closely with cross-functional teams, including system administrators and Information System Security Officers (ISSOs)
Security Clearance Requirement:
Active Public Trust and eligible to obtain a Secret clearance
Certifications/Licenses:
At least Ten (10) years of experience working in cybersecurity or information technology with a bachelor’s degree. Minimum of 5 years’ experience in vulnerability management, application and software security team, Malware analysis, digital forensics, data/network analysis, penetration testing, information assurance, leading incident handling
Solid experience in application security and software development in one or more programming such as C#, Java, Python, etc
Experience with security tools such as SAST, DAST, IAST, SCA and other security tools
Familiarity with industry-standard security frameworks such as OWASP, NIST, BSIMM etc
Experience with CICD pipeline, security tools integration and secure SDLC
Knowledge of current and emerging threats and techniques for exploiting security vulnerabilities
CISSP, OSCP, any DevSecOps or other related Information Security certification
Experience with cloud-based infrastructure (AWS, Azure, or GCP)
Company Description: GSC is a leading cyber security and information technology company based in Washington, DC. We are looking to hire a Senior Security Application Engineer to support a full range of cyber security services on a long-term contract in Washington DC. The position is full-time/permanent and will support a US Government civilian agency. The position is available immediately upon finding a qualified candidate with the appropriate background and security clearance.
If you are interested in applying for this job please press the Apply Button and follow the application process. Energy Jobline wishes you the very best of luck in your next career move.
#J-18808-Ljbffr