Application Security Engineer
Posted on: June 6, 2021
The Application Security Engineer evaluates application security
in all phases of the software development life cycle. Works closely
with team members to define application security best practices,
performs software security architecture and design reviews, and
supports the identification, interpretation, and remediation of
vulnerabilities across a variety of applications, programming
languages, and platforms.
- Supports the development of technical security safeguards to
protect information systems from intentional (unauthorized) or
accidental (inadvertent) access or destruction.
- Serves as a liaison between development teams and stakeholders
to understand and formulate security requirements for
- Applies broad technical knowledge and skills to analyze, develop,
create and implement process improvements, troubleshooting, and
- Defines, maintains, and enforces application security best
practices within a DevSecOps environment.
- Conducts vulnerability assessment and manual/automated code
- Explains and demonstrates vulnerabilities to application owners
and provides recommendations for mitigation.
- Documents security defects in the defect management system
- Identifies additional application security related tools,
conducts tool analysis, and provides recommendations.
Bachelor's Degree in Computer Science, Engineering, or other
Engineering or Technical discipline or equivalent relevant
Desired Security+, CEH, GWAPT, GWEB, GSSP, CSSLP or SSP
Relevant Work Experience:
3-7 years of experience in Application Security, DevSecOps, or
- Experience with security tools like Nessus, HP Fortify, Burp
- Experience in secure code review of Java applications
- Experience in Secure SDLC and DevSecOps principles and
- Experience in Python programming
- Working experience and knowledge of AWS CI/CD services, GitHub
- Understanding of entire technology stack of networks,
databases, applications and endpoints
- Understanding of web service technologies such as XML, JSON,
SOAP, and REST
- Experience with web system security concepts, including
authentication, authorization (RBAC), encryption/hashing, SAML, and
- Good knowledge of the OWASP Top 10, such as cross-site scripting
(XSS), session hijacking, SQL injection, CSRF (Cross-Site Request
Forgery), and other attack vectors.
- Knowledge of or experience with security technologies,
single sign-on, and identity management technologies.
- Understanding of encryption, hashing, secure random number
generation, key derivation, digital signatures, etc.
- Working experience and knowledge of operating systems (e.g.,
Windows, UNIX/Linux) and databases (Oracle, MySQL).
- Knowledge of risk analysis standards (e.g. NIST 800-30, CVSS,
Keywords: IntellectFaces, Reston, Application Security Engineer, Other, Reston, Virginia