Application Security Engineer
Leidos · Ashburn, VA · 2 days ago
On-siteInformation Technology$108k–$195k/yrFull-time
About the role
The Department of Homeland Security (DHS), Customs and Border Protection (CBP) Cyber Security Directorate (CSD) Security Operations Center (SOC) is a US Government program responsible to prevent, identify, contain and eradicate cyber threats to CBP networks through monitoring, intrusion detection and protective security services to CBP information systems including local area networks/wide area networks (LAN/WAN), commercial Internet connection, public facing websites, wireless, mobile/cellular, cloud, security devices, servers and workstations.
Responsibilities
- Ensure continuous monitoring of all CSD managed applications and implement an alerting system for critical incidents
- Participate in market research to identify new security solutions as required to avoid obsolescence and to improve the overall security posture
- Develop, deploy, maintain, and/or assist in the implementation and integration of Machine Learning (ML) and Artificial Intelligence (AI) into CBP’s security tool suite
- Integrate security best practices into the software development life cycle (SDLC) and ensure security is embedded from design to deployment
- Utilize SAST tools to analyze source code for vulnerabilities
- Work closely with development teams and ISSOs to remediate identified security issues
- Conduct security assessments using Microfocus WebInspect and other DAST tools
- Collaborate with development teams to address and remediate dynamic security findings
- Implement and manage container security tools, with a focus on Anchore, to ensure secure container deployments
- Work on ensuring systems and applications comply with Security Technical Implementation Guide
- Select configuration items at appropriate levels for application products to facilitate documentation, control
- Tune logging capabilities for efficiency, identify shortfalls, and recommend improvements and new technologies for application logging
- Support the CSD Service Desk in managing and executing the Vulnerability Identification and Remediation process for applications.
Qualifications
- BS degree in Information Technology, Software Engineering, or related field and 8 – 12 years of prior relevant experience
- 3+ years of prior experience in application security with a focus on SAST, SCA, DAST
- Knowledge of secure coding practices and integration into SDLC
- Familiarity with common security frameworks and standards
- Strong programming/scripting skills
- Excellent communication and collaboration skills
- Working in an Agile project management environment
- Military clearance (Top Secret with SCI eligibility)
- Ability to work in the Ashburn, VA office up to 5 days per week