Steampunk
Overview
As a Web Application Security Engineer, you will provide technical expertise and solutions to remediate persistent and challenging portfolio-wide vulnerabilities. We’re looking for someone who has a passion for IT, resourceful problem-solving abilities, and a desire to learn our indicators of success in this role. The ideal candidate will have a breadth of experience across various application and web-based technologies. The candidate does not need deep experience in all domains but should have a good understanding of how the different layers of an enterprise application stack interact. You will work directly with system admin teams to assist and remediate vulnerabilities and harden environments, while providing recommendations to enhance vulnerability management. Additionally, you will collaborate with a team to develop proactive solutions to improve our enterprise security posture through process streamlining and automation.

Contributions

Responsibilities include:
- Providing subject matter expertise for risk assessments, working in an Agile environment with an understanding of the full software development lifecycle.
- Advocating for and ensuring security practices are communicated and implemented within application development portfolios.
- Securing multiple areas of an enterprise application stack, including OS, Database, Application Server, Load Balancer, and Web Server layers.
- Understanding PKI/TLS certificates is essential.
- Collaborating with application development and security assurance teams to understand, remediate, or baseline vulnerability findings.
- Documenting and sharing security findings and remediation strategies in an enterprise knowledge base.
- Supporting the Information Assurance Branch and SOC with scan analysis and partnering with development teams on security findings.

Qualifications

Required:
- Ability to obtain a U.S. government Security Clearance
- Master's Degree with 3 years of relevant experience, OR Bachelor's Degree with 5 years of relevant experience, OR No degree with 9 years of relevant experience
- Possessing at least one relevant professional certification, maintaining certifications relevant to deployed or maintained products.

Preferred:
- Experience as a Developer or Systems Administrator
- Knowledge of technologies like Maven, Gradle, GIT, Jenkins, Ansible, Java, C#/.NET, Apache Tomcat, Apache HTTP Server, IIS, F5, Oracle, MSSQL Server, Postgres
- Experience with AWS and Azure GovClouds
- Ability to analyze DISA STIG audit results and recommend resolutions
- Skills in analyzing security environments and providing recommendations
- Knowledge of JIRA, ServiceNow, or similar tools
- Experience with OS and dynamic application security testing tools like Invicti, Web Inspect, DAST/IAST suites
- Proficiency in Python automation
- Certifications: CEH, GFACT, GPEN, OSCP, or other relevant industry certifications
- Other application-specific technology certifications

About Steampunk
Steampunk determines salary based on factors like location, requirements, education, skills, and experience. The projected salary range is $100,000 to $155,000 annually, representing a typical range. Salary is part of the total compensation package, which includes additional benefits. Learn more about Steampunk’s benefits on our website.

Identity Statement

Applicants are expected to be on camera during interviews and assessments for identity verification. We may take your picture to prevent fraud.

Steampunk is a Change Agent in the Federal contracting industry, innovating in sectors like Homeland, Civilian, Health, and DoD. Our Human-Centered delivery methodology fosters shared accountability in solving mission challenges. As an employee-owned company, we invest in our employees’ growth and reward outstanding contributions. Learn more at our website.

We are an equal opportunity employer, and all qualified applicants will receive consideration regardless of race, color, religion, sex, national origin, disability, veteran status, or other protected characteristics. We participate in the E-Verify program.