Application Security Engineer - TS/SCI 
Location: Bethesda, MD (Hybrid) 
Security Clearance: TS/SCI clearance with the ability to obtain and maintain TS/SCI with Polygraph

Our Client is seeking a dedicated Application Security Engineer to join our team in support of the Defense Intelligence Agency's National Media Exploitation Center (DIA-NMEC) under our 10-year DOMEX Technology Platform (DTP) contract. As a Mid-Level Application Security Engineer, you will play a crucial role in enhancing the security posture of our software development lifecycle. We are looking for individuals who thrive in dynamic, fast-paced environments and possess a strong aptitude for cross-functional collaboration across various stages of development, production, and quality assurance.

Responsibilities:    

• Integrate security best practices into the software development life cycle (SDLC) and ensure security is embedded from design to deployment.
• Utilize Microfocus Fortify and other SAST tools to analyze source code for vulnerabilities.
• Work closely with development teams to remediate identified security issues.
• Implement and manage Black Duck SCA tools from Synopsys to identify and manage open-source component risks.
• Provide guidance on secure usage of third-party libraries and components.
• Conduct security assessments using Microfocus WebInspect and other DAST tools.
• Collaborate with development teams to address and remediate dynamic security findings.
• Implement and manage container security tools, with a focus on Anchore, to ensure secure container deployments.
• Provide recommendations for secure container orchestration.
• Work on ensuring systems and applications comply with Security Technical Implementation Guide

Minimum Requirements:    

• Bachelor’s degree in computer science, Information Security, or related field and 3+ years of prior experience in application security with a focus on SAST, SCA, DAST or Master’s with 1-2 years of prior experience in application security with a focus on SAST, SCA, DAST
• Must possess TS/SCI clearance with the ability to obtain and maintain TS/SCI with Polygraph.
• Experience in system integrations testing through a full system development life cycle, including implementing test plans, test cases and test processes.
• Strong experience with Microfocus Fortify, Black Duck, Microfocus WebInspect, Anchore, or similar products.
• Knowledge of secure coding practices and integration into SDLC
• Familiarity with common security frameworks and standards
• Strong programming/scripting skills
• Excellent communication and collaboration skills
• Working in an Agile project management environment
• Enthusiastic with the ability to work well on a team and a self-starter who can work on their own.

Preferred Qualifications:      

• Knowledge of Atlassian software such as JIRA, JIRA Service Desk, and Confluence
• Experience with data engineering tools such as Kubernetes/Rancher, Cloudera
• Experience with Configuration Management and IaC tools such as Salt or Ansible
• Experience with scripting languages, CI/CD tools, Elasticsearch, or Gitlab
• Experience working in an air-gapped environments
• Experience working in large computing environments (> 1,000 end-points)