Application Security Engineer
Arlington, Virginia
Hybrid
Full Time
$140k - $160k
Senior Engineer - Information Security
As a Senior Application Security Engineer, you will play a critical role in strengthening the security of our applications throughout their entire lifecycle. You will work closely with development teams to embed security best practices, conduct comprehensive threat modeling, and leverage OWASP ASVS techniques to identify and mitigate vulnerabilities.
The company is located in Reston, VA, and the role requires onsite attendance a couple of times a month.
What You Will Be Doing
- Lead and support the adoption of secure coding practices across development teams
- Conduct in-depth threat modeling for both new and existing applications to identify potential security risks
- Perform proactive security assessments and code analysis to uncover and address vulnerabilities
- Participate in code reviews for languages such as Java, Python, etc.
- Conduct both manual and automated secure code reviews for various programming languages
- Collaborate with developers to provide actionable remediation guidance and promote secure coding practices
- Implement and maintain automated security testing tools and processes
- Assess third-party libraries and dependencies for potential security risks
- Stay updated on evolving security threats, vulnerabilities, and technologies to continually enhance application security strategies
- Work with cross-functional teams, including Engineering and Operations, to integrate security within the software development lifecycle (SDLC)
- Bachelor’s degree in Computer Science, Information Technology, or a related field (or equivalent experience)
- 10+ years of proven experience in Application Security Engineering or a similar position
- Strong knowledge of OWASP ASVS and application security best practices
- Solid experience with threat modeling methodologies and tools
- 5+ years of hands-on development experience in one or more programming languages such as Java, C, C++, or Python
- Expertise in secure coding practices (e.g., encryption, authentication, secure API design)
- Proficiency in security assessments, including penetration testing and code reviews
- Experience with SAST, DAST, and SCA tools like CodeQL, Burp Suite Enterprise, etc.
- Strong communication skills, with the ability to explain technical concepts to non-technical audiences
- Certifications such as CEH or equivalent are a plus
The Offer:
15% bonus
Applicants must be currently authorized to work in the United States on a full-time basis now and in the future.
This position doesn’t provide sponsorship.