As a Senior Application Security Engineer you will be a part of a Research and Development (R&D) team focused on enhancing the security posture of the application lifecycle.  Under the general guidance of the Task Area Lead and/or a senior security subject matter expert, you will work independently and as part of a small group aligned with an agile workflow.  You will be an integral member of the team in establishing a SecDevOps practice for our client.  Using your advanced understanding of secure software design, you will be tackling challenges associated with open source security tool development, information system privacy, vulnerability mitigation, threat analysis, and application performance management.

In this role you will

  • Design related security management and automated security testing processes in an agile DevOps software development environment
  • Deliver IT security solutions via an agile software development workflow
  • Ensure critical system security through the use of best-in-class cloud security solutions
  • Perform secure source code review using both manual review and a static code analysis toolset
  • Institute a “compliance as code” philosophy in the DevOps continuous delivery framework
  • Conduct pre-production acceptance testing to help assure the quality of products and services
  • Recommend security architecture and process improvements
  • Assist with the planning, tracking, delivering, and reporting of multiple high-priority security architecture sub-tasks
  • Implement quality assurance and control procedures to ensure adherence of deliverables to client requirements
  • Visit the client site (Baltimore, MD) one to two times per week
  • Execute other duties as assigned

You are someone who

  • Excels at problem solving and analysis
  • Is eager and able to apply new technologies easily
  • Possesses excellent communication skills
  • Manages workloads, competing priorities, and expectations well

What we require

  • Bachelor’s degree in Computer Science, Engineering, or related field or equivalent combination of education and related experience
  • 5+ years of scripting experience in JavaScript and/or Python using functional programming concepts
  • Able to obtain a Public Trust Clearance

What would get us excited

  • 5+ years of experience in application security, open source development, or as a security researcher
  • Knowledge of RESTful API integration in at least one functional area (e.g., Cloud, CI/CD Pipeline Components, Authentication, Storage, Synchronization, and/or Telemetry)
  • Proficiency in writing advanced database queries associated with structured and unstructured data
  • Expertise in the deconstruction of application stacks associated with bare-metal, SaaS, and PaaS architectures
  • Understanding of how to detect and remedy security issues associated with the OWASP Top 10
  • Ability to scale security within the SDLC by automation using toolsets such as source code analyzers, vulnerability scanners, configuration validation, and similar techniques