Jobs · Information Technology · Virginia

Application Security Engineer

Leidos · Ashburn, VA · Today
On-siteInformation Technology$108k–$195k/yrFull-time

About the role

The Department of Homeland Security (DHS), Customs and Border Protection (CBP) Cyber Security Directorate (CSD) Security Operations Center (SOC) is a US Government program responsible to prevent, identify, contain and eradicate cyber threats to CBP networks through monitoring, intrusion detection and protective security services to CBP information systems including local area networks/wide area networks (LAN/WAN), commercial Internet connection, public facing websites, wireless, mobile/cellular, cloud, security devices, servers and workstations. The CBPSOC is responsible for the overall security of CBP Enterprise-wide information systems, and collects, investigates, and reports any suspected and confirmed security violations.

Primary Responsibilities

  • Ensure continuous monitoring of all CSD managed applications and implement an alerting system for critical incidents
  • Participate in market research to identify new security solutions as required to avoid obsolescence and to improve the overall security posture
  • Develop, deploy, maintain, and/or assist in the implementation and integration of Machine Learning (ML) and Artificial Intelligence (AI) into CBP’s security tool suite
  • Utilize SAST tools to analyze source code for vulnerabilities
  • Work closely with development teams and ISSOs to remediate identified security issues
  • Conduct security assessments using Microfocus WebInspect and other DAST tools
  • Collaborate with development teams to address and remediate dynamic security findings
  • Implement and manage container security tools, with a focus on Anchore, to ensure secure container deployments
  • Provide recommendations for secure container orchestration
  • Establish and maintain the definitive current basis for control and status accounting of application systems and their configuration items
  • Select configuration items at appropriate levels for application products to facilitate documentation, control
  • Tune logging capabilities for efficiency, identify shortfalls, and recommend improvements and new technologies for application logging
  • Support the CSD Service Desk in managing and executing the Vulnerability Identification and Remediation process for applications.

Basic Qualifications

  • BS degree in Information Technology, Software Engineering, or related field and 8 – 12 years of prior relevant experience
  • 3+ years of prior experience in application security with a focus on SAST, SCA, DAST
  • Knowledge of secure coding practices and integration into SDLC
  • Familiarity with common security frameworks and standards
  • Strong programming/scripting skills
  • Excellent communication and collaboration skills
  • Working in an Agile project management environment
  • Must have a Top Secret Clearance with SCI
  • Must be able to report into the Ashburn VA office up to 5 days per week

Preferred Qualifications

  • Master’s with 1-2 years of prior experience in application security with a focus on SAST, SCA, DAST
  • Experience with data engineering tools such as Kubernetes/Rancher, Cloudera
  • Experience with Configuration Management and IaC tools such as Salt or Ansible
  • Experience with scripting languages, CI/CD tools, Elasticsearch, or Gitlab
  • Experience working in an air-gapped environments
  • Experience working in large computing environments (> 1,000 end-points)

Similar jobs

Application Security Engineer

Purpose Brands, LLCWoodbury, MN· 3 wk ago
Information Technology$120k–$140k/yrapply on purposebrands.wd503.myworkdayjobs.com