• Application Security Engineer

    US Tech Solutions (Arlington, VA)


    What You'll Do:

    - Collaborate with a team of engineers to implement *** specific security policies in the CI/CD security tools including but not limited to SAST, DAST and SCA applications.

     

    - Work with Development, DevOps and Security teams to identify and develop automated security and compliance capabilities in support of DevOps processes.

     

    - Define the security rules that needs to be adhered to at a code level in web and mobile applications written in Java, React, Objective C, SWIFT, Kotlin etc.

     

    - With your development background and security knowledge, provide security guidance to developers in the form secure coding standards and guidelines.

     

    - Support security standards, create templates and patterns to increase the efficiency and adoption of security program.

    These skills will help you succeed in this role:

    - Bachelor's degree with minimum 8 years of work experience in the IT field

     

    - 3+ years software development experience using Java, JavaScript

    - 3+ years of experience in the following:

    - OWASP Secure Coding Practices

     

    - Common software and web application security vulnerabilities

    - Application security scanning tools

    - Continuous Integration/Continuous Deployment (CI/CD) processes and concepts using relevant technologies and tools (e.g., Jenkins)

     

    - Experience in Python scripting

     

    Even Better If You Have

     

    - A degree in Cybersecurity or CISSP/CSSLP certification or keen desire to move to security field

     

    - Business acumen to support the implementation of SAST or DAST or IAST across the enterprise

     

    - Ability to perform code reviews with minimal assistance

     

    - A self-starter, with a strong desire for learning new technologies and applying them to solve problems

     

    - Experience with two or more of the application build environments like Jenkins, Gradle, Maven.

     

    - Familiarity with public cloud services a plus

     

    - Experience with two or more of the Secure SDLC tools like Burp Suite, Fortify, Checkmarx, AppSec SE, Veracode, WhiteSource, Sonatype

     

    - Experience with Threat Analysis.

     

    - Experience with DevSecOps, Secure SDLC.

     

    - DevOps container/orchestration tools (Kubernetes, Docker, Puppet, etc) is a plus

     

    - Experience with evaluation, integration and onboard of security tools such as RASP, WAF, vulnerability scanner results, container analyzers, open source scanning etc is a plus