Support Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and IDE Plug-in environments using Veracode and Burp Suite.
Design and implement enterprise-wide security controls to secure applications, systems, networks, or infrastructure services.
Secure enterprise web applications, with a focus on mitigating OWASP Top 10 risks, CVSS scoring, CWE, WASC, and SANS Top 25 vulnerabilities.
Integrate security practices into development workflows using IDEs such as Eclipse, JDeveloper (including pipeline development), or Visual Studio.
Perform application security testing and automation using tools such as OWASP ZAP, Burp Proxy, Selenium, and Interactive Application Security Testing (IAST) capabilities.
Write and maintain bash scripts to support security automation, testing, and troubleshooting tasks.
Participate in vulnerability discovery, triage, and remediation processes, including crowdsourced security programs via platforms like HackerOne.
Work in Linux or UNIX environments, including navigating file systems and troubleshooting basic website connectivity and security issues.
Ensure applications and security practices align with federal compliance standards, including NIST 800-53, FIPS, or FedRAMP.

Requirements

Minimum **6+ years of Information Technology experience** with a focus on application and security engineering.
**3+ years of hands-on experience supporting application security testing**, including **Static Application Security Testing (SAST)** and **Dynamic Application Security Testing (DAST)**.
Demonstrated experience with **SAST, DAST, and IDE plug-in integrations** using tools such as **Veracode** and **Burp Suite**.
Experience with **Interactive Application Security Testing (IAST)** tools and methodologies.
Proficiency using **OWASP ZAP** and/or **Burp Proxy** for web application security testing.
Experience participating in **vulnerability discovery and remediation programs**, including **HackerOne**.
Experience with **test automation tools**, including **Selenium**.
Proficiency in **bash scripting** for security automation, testing, and troubleshooting.
**2+ years of development experience** in one or more programming languages, including **Java, Python, .NET, or C#**.
Experience integrating security into development workflows using **Eclipse, JDeveloper (including CI/CD pipeline development), or Visual Studio**.
**3+ years of experience designing and implementing enterprise-wide security controls** to secure applications, systems, networks, or infrastructure services.
Hands-on experience securing **enterprise web applications**, with strong knowledge of **OWASP Top 10**, **CVSS**, **CWE**, **WASC**, and **SANS Top 25** vulnerabilities.
Knowledge of **federal compliance and security frameworks**, including **NIST 800-53**, **FIPS**, and **FedRAMP**.
Working knowledge of **Linux or UNIX environments**, including file system navigation and troubleshooting basic website connectivity issues.
**High School Diploma or GED** required.
**Public Trust Determination or Active Security clearance (preferred)**

Benefits

Health, Vision, and Dental Insurance
PTO

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

Static Application Security Testing (SAST)Dynamic Application Security Testing (DAST)bash scriptingtest automationprogramming languagesJavaPython.NETC#vulnerability discovery

Certifications

High School DiplomaGEDPublic Trust DeterminationActive Security clearance