Application Security Engineer
Ridgeline International, LLC · Tysons Corner, VA · 2 wk ago
HybridInformation TechnologyFull-time
About the role
Veilant is seeking an Application Security Engineer to join our InfoSec team. This role involves validating, securing, and continuously improving software developed by internal and partner engineering teams.
Responsibilities
- Audit software releases across major and minor cycles to intercept and remediate security flaws before deployment.
- Analyze source code to identify, isolate, validate, and contextualize vulnerabilities in complex application codebases.
- Create safe proof-of-concept examples to demonstrate exploitation paths and verify the real-world impact of discovered risks.
- Contextualize findings based on application business logic, user workflows, data sensitivity, and production environments.
- Author clear remediation guidance and partner with development teams to implement effective patches, controls, or architectural mitigations.
- Intercept and analyze application-layer network traffic using tools such as Burp Suite or similar intercepting proxies to inspect encrypted payloads, API calls, and authentication flows.
- Assess and help secure core architectures across REST APIs, SQL databases, PostgreSQL, JWT/OAuth, identity providers, and token-based authentication mechanisms.
- Perform threat modeling for web applications based on use cases, data flows, user roles, trust boundaries, and production environments.
- Improve DevSecOps pipelines by integrating, tuning, and operationalizing SAST, DAST, SCA, IaC scanning, secrets detection, and container security tooling.
- Support container runtime security efforts using monitoring and runtime protection tools such as Falco, NeuVector, or similar technologies.
- Create standardized security reporting that translates technical findings into clear risk narratives for both engineering teams and executive stakeholders.
Qualifications
- Ability to obtain a Security Clearance
- 2+ years of software development experience in Java
- Hands-on experience reviewing or securing applications built with Java Spring Boot, Angular, REST APIs, SQL databases, and PostgreSQL
- Working knowledge of authentication and authorization technologies, including JWT, OAuth, identity providers, Entra, Keycloak, and token-based access models
- Experience intercepting, decrypting, manipulating, and analyzing web or application network traffic
- Demonstrated ability to find, validate, and explain vulnerabilities in a real codebase
- Familiarity with CI/CD tools such as GitLab CI, Azure DevOps, or GitHub Actions
- Experience with containerized environments and orchestration tools such as Kubernetes
- Exposure to infrastructure-as-code and container scanning tools such as Trivy, Kubesec, or similar technologies
- Understanding of cloud hosting environments such as Azure or AWS
- Familiarity with secrets management tools such as GitLab Secrets Manager, AWS KMS, Azure Key Vault, or Ansible Vault
- Experience with automated application security testing, including SAST, DAST, and SCA
- Familiarity with runtime security and monitoring tools for containers, such as Falco, NeuVector, or similar platforms
- Hands-on web security testing experience using Burp Suite or comparable tooling
- Strong written communication skills, including the ability to write reports for both technical and non-technical audiences
- OSWE, OSCP, and/or GXPN certifications are highly desirable
Additional Information
Veilant is an equal opportunity employer committed to providing a diverse and inclusive environment for all employees. We offer competitive compensation, benefits, and a supportive culture that encourages professional growth and innovation.