Agile Defense

Security Operations Engineer

full-time

Origin:  • 🇺🇸 United States • Washington


Job Level

Mid-Level, Senior

Tech Stack

Java, Linux, .NET, Python, Selenium, Unix

About the role

  • Work together with the client and application community to maintain a resilient security posture for highly visible applications.
  • Remediate application security flaws in conjunction with the application security team.
  • Lead security discussions with the application teams to prescribe security best practices within their development lifecycle.
  • Perform dynamic and static application testing and performance testing.
  • Perform security requirements creation or generation-level threat modeling leveraging tools, including SD Elements.
  • Perform application-level testing using applications such as Burp Suite.
  • Work with the latest OWASP frameworks.
  • Support SAST, DAST, and IDE plug-in environments and integrate security testing into pipelines.

Requirements

  • Burp and Veracode are currently the areas of focus.
  • Linux command line knowledge
  • Must have AppSec experience, specifically DAST experience
  • Burp DAST operational experience: creating scripts around DAST test cases and using Selenium or Python to create custom Burp DAST extensions
  • Experience with Selenium
  • 6+ years of Information Technology experience
  • 3+ years of experience with supporting Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and IDE Plug-in environments using Veracode and Burp Suite
  • 2+ years of experience with Java, Python, .NET, or C#
  • 3+ years of experience with the design and implementation of enterprise-wide security controls to secure applications, systems, network, or infrastructure services
  • Experience with Eclipse, JDeveloper, including pipeline development, or Visual Studio
  • Experience with securing enterprise web applications and OWASP Top 10, CVSS, CWE, WASC, and SANS-25
  • Knowledge of federal compliance standards, including NIST 800-53, FIPS, or FedRAMP
  • Knowledge of Linux or UNIX environments, including navigating and troubleshooting basic website connectivity issues
  • Experience with Interactive Application Security Testing (IAST) capabilities and tools (preferred)
  • Experience with HackerOne (preferred)
  • Experience writing bash scripts (preferred)
  • Experience with OWASP ZAP or Burp Proxy (preferred)
  • HS diploma or GED
  • Public Trust - Ability to obtain a security clearance