Application Security Engineer – DAST, Burp Suite
TOMORROW HIRE
Application Security Engineer ensuring secure development and testing of applications in a federal environment. Involves hands-on work with application security testing and compliance with federal standards.
Posted 5/18/2026 • full-time • Remote • District of Columbia, Washington • 🇺🇸 United States • Mid-Level, Senior • 💰 $120,000 - $140,000 per year
Tech Stack
Tools & technologies: Java, Linux, .NET, Python, Selenium, Unix
About the role
Key responsibilities & impact
- Support Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and IDE Plug-in environments using Veracode and Burp Suite.
- Design and implement enterprise-wide security controls to secure applications, systems, networks, or infrastructure services.
- Secure enterprise web applications, with a focus on mitigating OWASP Top 10 risks, CVSS scoring, CWE, WASC, and SANS Top 25 vulnerabilities.
- Integrate security practices into development workflows using IDEs such as Eclipse, JDeveloper (including pipeline development), or Visual Studio.
- Perform application security testing and automation using tools such as OWASP ZAP, Burp Proxy, Selenium, and Interactive Application Security Testing (IAST) capabilities.
- Write and maintain bash scripts to support security automation, testing, and troubleshooting tasks.
- Participate in vulnerability discovery, triage, and remediation processes, including crowdsourced security programs via platforms like HackerOne.
- Work in Linux or UNIX environments, including navigating file systems and troubleshooting basic website connectivity and security issues.
- Ensure applications and security practices align with federal compliance standards, including NIST 800-53, FIPS, or FedRAMP.
Requirements
What you’ll need
- Minimum 6+ years of Information Technology experience with a focus on application and security engineering.
- 3+ years of hands-on experience supporting application security testing, including Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST).
- Demonstrated experience with SAST, DAST, and IDE plug-in integrations using tools such as Veracode and Burp Suite.
- Experience performing authenticated and unauthenticated crawl auditing and DAST scanning using Burp Suite Enterprise Edition, including scan configuration, issue validation, and remediation coordination.
- Experience with Interactive Application Security Testing (IAST) tools and methodologies.
- Proficiency using OWASP ZAP and/or Burp Proxy for web application security testing.
- Experience participating in vulnerability discovery and remediation programs, including HackerOne.
- Experience with test automation tools, including Selenium.
- Proficiency in bash scripting for security automation, testing, and troubleshooting.
- 2+ years of development experience in one or more programming languages, including Java, Python, .NET, or C#.
- Experience integrating security into development workflows using Eclipse, JDeveloper (including CI/CD pipeline development), or Visual Studio.
- 3+ years of experience designing and implementing enterprise-wide security controls to secure applications, systems, networks, or infrastructure services.
- Hands-on experience securing enterprise web applications, with strong knowledge of OWASP Top 10, CVSS, CWE, WASC, and SANS Top 25 vulnerabilities.
- Knowledge of federal compliance and security frameworks, including NIST 800-53, FIPS, and FedRAMP.
- Working knowledge of Linux or UNIX environments, including file system navigation and troubleshooting basic website connectivity issues.
- High School Diploma or GED required.
- Public Trust Determination or Active Security clearance (preferred)
Benefits
Comp & perks
- Health, Vision, and Dental Insurance
- PTO