Sr Application Security Engineer
6 month temp to perm
US Citizen, GC, GC EAD
This position is a 6-month temp-to-perm engagement. The rate is open as long as we can find the right person. The government client is looking for a former software developer who is now focused on application security.
The Senior Application Security Engineer will work with software development teams at the National Institutes of Health (NIH) to address web application security issues. This includes developing secure coding practices, coaching teams on how to build security best practices into the software development life cycle (SDLC), knowing where security mistakes are typically made in software, and working with engineers to mitigate them.
- Systematically address application security issues and develop secure coding practices for multiple development teams
- Integrate application authentication, encryption, authorization, and access control
- Provide mitigation strategies for applications from infrastructure, architecture, and secure coding perspectives
- Conduct manual code review and use source code scanning tools such as Fortify or Checkmarx to help NLM application teams apply application security best practices and catch potential vulnerabilities at an early stage
- Proactively work with team members to address security and compliance issues
- Provide education and assistance to application developers in applying a secure software development life cycle
- Collaborate with development teams to prioritize and remediate vulnerabilities throughout the application lifecycle
- Use application security scanning tools such as Burp Suite to interpret reports and validate identified vulnerabilities and their associated risks
- BA/BS degree (or equivalent experience) and 5+ years of relevant application security and software engineering experience
- Must have previous software development experience
- Experience performing software testing to identify vulnerabilities, using manual code review and automated tools such as Burp Suite Pro, Fiddler, Netsparker, AppScan, etc.
- Strong security software engineering background with extensive experience working in complex enterprise environments implementing security software development lifecycles
- Experience developing secure coding practices, with 2 or more of the following software languages - Java, ColdFusion, PHP, Python / Django, Node.js, and/or .NET
- Strong knowledge of and experience in securing an application's integration with relational database management systems such as Oracle
- Extensive experience in addressing web application security issues, such as those outlined in OWASP Top 10
- Experience with vulnerability management and manually validating identified vulnerabilities
- Experience implementing application firewall rules (such as F5 ASM, iRules, and/or Apache ModSecurity) as compensating controls to protect Web applications
- Knowledge of security in both Linux and Windows environments as it pertains to web application hosting, middleware (e.g. Apache, Tomcat, PHP, ColdFusion, Ajax), and databases (e.g. Oracle, MySQL, MS SQL Server)
- Experience using Tenable Security Center is preferred
- A software security certification such as Certified Secure Software Lifecycle Professional (CSSLP) is a big plus
- Strong capability in evaluating software application security related products
CMMI Level 2 & ISO 9001:2008 Certified
4229 Lafayette Center Dr. Suite 1880, Chantilly, VA 20151