Application Security Engineer - TS/SCI
Location: Bethesda, MD (Hybrid)
Security Clearance: TS/SCI clearance with the ability to obtain and maintain TS/SCI with Polygraph
Our Client is seeking a dedicated Application Security Engineer to join our team in support of the Defense Intelligence Agency's National Media Exploitation Center (DIA-NMEC) under our 10-year DOMEX Technology Platform (DTP) contract. As a Mid-Level Application Security Engineer, you will play a crucial role in enhancing the security posture of our software development lifecycle. We are looking for individuals who thrive in dynamic, fast-paced environments and possess a strong aptitude for cross-functional collaboration across various stages of development, production, and quality assurance.
Responsibilities:
- Integrate security best practices into the software development life cycle (SDLC) and ensure security is embedded from design to deployment.
- Utilize Microfocus Fortify and other SAST tools to analyze source code for vulnerabilities.
- Work closely with development teams to remediate identified security issues.
- Implement and manage Black Duck SCA tools from Synopsys to identify and manage open-source component risks.
- Provide guidance on secure usage of third-party libraries and components.
- Conduct security assessments using Microfocus WebInspect and other DAST tools.
- Collaborate with development teams to address and remediate dynamic security findings.
- Implement and manage container security tools, with a focus on Anchore, to ensure secure container deployments.
- Provide recommendations for secure container orchestration.
- Work on ensuring systems and applications comply with Security Technical Implementation Guide
Minimum Requirements:
- Bachelor’s degree in Computer Science, Information Security, or a related field and 3+ years of prior experience in application security with a focus on SAST, SCA, DAST, or a Master’s with 1-2 years of prior experience in application security with a focus on SAST, SCA, DAST
- Must possess TS/SCI clearance with the ability to obtain and maintain TS/SCI with Polygraph.
- Experience in system integration testing through a full system development life cycle, including implementing test plans, test cases and test processes.
- Strong experience with Microfocus Fortify, Black Duck, Microfocus WebInspect, Anchore, or similar products.
- Knowledge of secure coding practices and integration into SDLC
- Familiarity with common security frameworks and standards
- Strong programming/scripting skills
- Excellent communication and collaboration skills
- Experience working in an Agile project management environment
- Enthusiastic self-starter who works well on a team and can also work independently.
Preferred Qualifications:
- Knowledge of Atlassian software such as JIRA, JIRA Service Desk, and Confluence
- Experience with data engineering tools such as Kubernetes/Rancher, Cloudera
- Experience with Configuration Management and IaC tools such as Salt or Ansible
- Experience with scripting languages, CI/CD tools, Elasticsearch, or Gitlab
- Experience working in air-gapped environments
- Experience working in large computing environments (> 1,000 end-points)