Application Security Engineer – Federal DevSecOps
phia, LLC
Application Security Engineer working with a federal agency’s AppSec team, managing application security workflows using Veracode and Burp Suite, ensuring compliance and security integration in CI/CD.
Tech Stack
Tools & technologies: Java, .NET, Python, Selenium
About the role
Key responsibilities & impact
- Plan, schedule, and administer SAST and DAST scans using Veracode across a portfolio of federal web applications
- Conduct hands-on application security assessments using Burp Suite Enterprise – including proxy capture, authentication testing, repeater analysis, and manual verification of findings
- Triage scan results to distinguish true positives from false positives
- Integrate and maintain security tooling within CI/CD pipelines using GitHub Actions
- Support complex authentication testing scenarios including PIV card, EntraID, and SSO configurations
- Operate Contrast for IAST coverage across 150+ applications
- Communicate findings, status, and remediation guidance to development teams and federal clients during daily stand-ups and technical sessions
- Maintain working knowledge of evolving threats and federal compliance requirements
Requirements
What you’ll need
- 6+ years of IT experience
- 3+ years specifically in SAST/DAST application security testing
- 2+ years of coding in Python, Java, .NET, or C#
- 3+ years designing and implementing enterprise-wide security controls
- High school diploma or GED required; Bachelor’s degree in Computer Science, Information Technology, Information Security, or related field preferred
- Public Trust / Suitability – U.S. Citizenship required
- Hands-on, operational experience running SAST and DAST programs
- Experience with Contrast (IAST) – deployment or workflow administration across a large application portfolio
- HackerOne or bug bounty program participation; published CVEs or CWEs a plus
- Selenium experience; experience scripting authentication flows for SSO or EntraID environments
- Familiarity with OWASP ZAP or Burp Proxy as complementary tooling
- Certifications in application security: CSSLP, OSCP, GWAPT, or equivalent
Benefits
Comp & perks
- Medical Insurance
- Dental Insurance
- Vision Insurance
- Life Insurance
- Short-Term & Long-Term Disability
- 401k Retirement Savings Plan with Company Match
- Paid Holidays
- Paid Time Off (PTO)
- Tuition and Professional Development Assistance