Application Security Engineer
Tential Solutions · Rockville, MD · 1 wk ago
Information TechnologyContract
Job Responsibilities
- Perform security assessments and manual penetration testing using tools such as Burp Suite and other proxy tools.
- Triage static (SAST), dynamic (DAST), interactive (IAST) analysis results to identify, prioritize and remediate security vulnerabilities.
- Integrate security practices into C/CD pipeline to support DevSecOps initiative.
- Maintain documentation of security findings, remediation plans, and compliance requirements.
- Develop and interpret security policies and procedures.
- Participate in security compliance efforts.
- Develop and deliver training materials and perform general security awareness and specific security technology training.
- Evaluate and recommend new and emerging security products and technologies.
- Leverage GenAI technologies to scale application security reviews and automate code analysis.
- Evaluate various application security tools/capabilities i.e., SAST, DAST, IaC, Secrets detection tools.
- Stay current with emerging security threats and countermeasures.
- Able to train or explain the common security issues to raise the security awareness among developers and assurance engineers.
- Perform AWS configuration reviews.
Qualifications
- Bachelor's degree in a technical field such as computer science, computer engineering or related field required.
- 5+ years of experience required in Cyber security and application security.
- Familiarity with SAST, DAST, IAST tools.
- Understanding of AWS is required.
- Deep understanding of OWASP top issues and remediation guidelines.
- Proficiency in one or more programming language (Java, Python, JavaScript is preferred).
- Understanding of CI/CD tools such as Jenkins and GITLAB.
- Familiarity with GenAI tools is a plus.
- Strong experience and detailed technical knowledge in security engineering, system and network security, authentication and security protocols, cryptography, and application security.
- Candidates with software development background is a plus.
- Consistent implementation of security solutions.
- Experience in infrastructure or application-level vulnerability testing and auditing.
- Certifications like GWAPT, OSWE, Burp Suite Certified Practitioner are good to have.