logo

View all jobs

Application Security Engineer - TS/SCI

Bethesda, MD · Information Technology

Application Security Engineer - TS/SCI 
Location: Bethesda, MD (Hybrid) 
Security Clearance: TS/SCI clearance with the ability to obtain and maintain TS/SCI with Polygraph

Our Client is seeking a dedicated Application Security Engineer to join our team in support of the Defense Intelligence Agency's National Media Exploitation Center (DIA-NMEC) under our 10-year DOMEX Technology Platform (DTP) contract. As a Mid-Level Application Security Engineer, you will play a crucial role in enhancing the security posture of our software development lifecycle. We are looking for individuals who thrive in dynamic, fast-paced environments and possess a strong aptitude for cross-functional collaboration across various stages of development, production, and quality assurance.

Responsibilities:    
  • Integrate security best practices into the software development life cycle (SDLC) and ensure security is embedded from design to deployment.
  • Utilize Microfocus Fortify and other SAST tools to analyze source code for vulnerabilities.
  • Work closely with development teams to remediate identified security issues.
  • Implement and manage Black Duck SCA tools from Synopsys to identify and manage open-source component risks.
  • Provide guidance on secure usage of third-party libraries and components.
  • Conduct security assessments using Microfocus WebInspect and other DAST tools.
  • Collaborate with development teams to address and remediate dynamic security findings.
  • Implement and manage container security tools, with a focus on Anchore, to ensure secure container deployments.
  • Provide recommendations for secure container orchestration.
  • Work on ensuring systems and applications comply with Security Technical Implementation Guide
Minimum Requirements:    
  • Bachelor’s degree in computer science, Information Security, or related field and 3+ years of prior experience in application security with a focus on SAST, SCA, DAST or Master’s with 1-2 years of prior experience in application security with a focus on SAST, SCA, DAST
  • Must possess TS/SCI clearance with the ability to obtain and maintain TS/SCI with Polygraph.
  • Experience in system integrations testing through a full system development life cycle, including implementing test plans, test cases and test processes.
  • Strong experience with Microfocus Fortify, Black Duck, Microfocus WebInspect, Anchore, or similar products.
  • Knowledge of secure coding practices and integration into SDLC
  • Familiarity with common security frameworks and standards
  • Strong programming/scripting skills
  • Excellent communication and collaboration skills
  • Working in an Agile project management environment
  • Enthusiastic with the ability to work well on a team and a self-starter who can work on their own.
Preferred Qualifications:      
  • Knowledge of Atlassian software such as JIRA, JIRA Service Desk, and Confluence
  • Experience with data engineering tools such as Kubernetes/Rancher, Cloudera
  • Experience with Configuration Management and IaC tools such as Salt or Ansible
  • Experience with scripting languages, CI/CD tools, Elasticsearch, or Gitlab
  • Experience working in an air-gapped environments
  • Experience working in large computing environments (> 1,000 end-points) 

Share This Job

Powered by