Steampunk, Inc.
Web Application Security Engineer
Steampunk, Inc., Washington, District of Columbia, US, 20022
As a Web Application Security Engineer, you will provide technical expertise and solutions to remediate persistent and challenging portfolio-wide vulnerabilities. We’re looking for someone who has passion for IT, resourceful problem-solving abilities, and a desire to learn our indicators of success in this role. The ideal candidate will have a breadth of experience over a variety of application and web-based technologies. The candidate will not necessarily have deep experience in all domain areas but should have a good understanding of how the various layers of an enterprise application stack interact with one another. You will work directly with system admin teams to assist and remediate vulnerabilities and harden environments, while providing recommendations on ways to enhance vulnerability management. Additionally, you will work in a team environment to develop proactive solutions to improve overall enterprise security posture through process streamlining and automation.
Responsibilities
Provide subject matter expertise for various risk assessments, working in an Agile environment with an understanding of the full software development lifecycle.
Advocate for and ensure appropriate security practices are communicated and implemented within application development portfolios.
Ability and proven experience in securing multiple areas of an enterprise application stack, including the OS, Database, Application Server, Load Balancer, and Web Server layers. Understanding how PKI/TLS certificates work is a must.
Integrate with both the application development and security assurance divisions to ensure vulnerability findings are understood, remediated or baselined as appropriate.
Document & socialise security findings and remediation solutions in an enterprise knowledge base.
Support the Information Assurance Branch and the SOC with scan analysis and partner with development teams to understand and remediate security findings.
Required Qualifications
Ability to obtain a U.S. government Security Clearance
Master's Degree and 3 years of relevant experience; OR
Bachelor's Degree and 5 years of relevant experience; OR
No degree and 9 years of relevant experience
Possesses at least one professional certification relevant to the technical service provided. Maintain a certification relevant to the product being deployed and/or maintained.
Preferred Qualifications
Former Developer or Systems Administrator experience
Working knowledge of technologies used for building and deploying enterprise applications, such as Maven, Gradle, GIT, Jenkins, Ansible, Java, C#/.NET, Apache Tomcat, Apache HTTP Server, IIS, F5, Oracle, MSSQLSERVER, Postgres
Working knowledge and experience in AWS and Azure GovClouds
Ability to analyze DISA STIG audit compliance scan results and provide recommendations for resolution
Analyze security environment, provide recommendations
Working knowledge of JIRA, ServiceNow or equivalent
Working knowledge of operating system and dynamic application security testing scan tools – Invicti, WebInspect, DAST/IAST suites
Experience using Python to automate tasks
Certifications
CEH, GFACT, GPEN, OSCP or other relevant industry certifications
Other Application based Technology specific certifications
About Steampunk
Steampunk relies on several factors to determine salary, including but not limited to geographic location, contractual requirements, education, knowledge, skills, competencies, and experience. The projected compensation range for this position is $100,000 to $155,000. The estimate displayed represents a typical annual salary range for this position. Annual salary is just one aspect of Steampunk’s total compensation package for employees. Learn more about additional Steampunk benefits here.
Identity Statement
As part of the application process, you are expected to be on camera during interviews and assessments. We reserve the right to take your picture to verify your identity and prevent fraud.
Seniority level: Mid-Senior level
Employment type: Full-time
Job function: Information Technology
Industries: IT Services and IT Consulting
We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law. Steampunk participates in the E-Verify program.