Application Security Engineer (2019-09) Fairfax, Virginia
Application Security Engineer
The Application Security Engineer evaluates application security in all phases of the software development life cycle. Works closely with team members to define application security best practices, performs software security architecture and design reviews, and supports the identification, interpretation, and remediation of vulnerabilities across a variety of applications, programming languages, and platforms.
- Supports the development of technical security safeguards to protect information systems from intentional (unauthorized) or accidental (inadvertent) access or destruction.
- Serves as a liaison between development teams and stakeholders to understand and formulate security requirements for project/program.
- Apply broad technical knowledge and skills to analyze, develop, create and implement process improvements, trouble shooting, and operational support.
- Defines, maintains, and enforces application security best practices.
- Conducts vulnerability y assessment and manual/automated code reviews.
- Explains and demonstrates vulnerabilities to application owners and provide recommendations for mitigation.
- Documents security defects in defect management system
- Identifies additional application security related tools, conducts tool analysis, and provided recommendations.
- Bachelor’s Degree in Computer Science, Engineering, or other Engineering or Technical discipline or equivalent relevant experience.
- 5-10 years of experience as an Application Security Developer, Application Security Analyst, or equivalent.
Other Job Specific Skills
- Working experience and knowledge of operating systems (e.g.: Windows, UNIX/Linux) and databases (Oracle, MySQL).
- Experience in Security tools like Nessus, IBM AppScan, HP Fortify, CheckMarx, Burp Suite
- Experience in SDLC and software development methodologies such as Waterfall, Iterative, Agile or DevOps
- Understanding of entire technology stack of networks, databases, applications and endpoints
- Understanding of web service technologies such as XML, JSON, SOAP, and REST
- Experience with web system security concepts, including authentication, authorization (RBAC), encryption/hashing, SAML, and LDAP.
- Good knowledge of OWASP Top 10 such as cross-site scripting (XSS), sessions hijacking, SQL injection, CSRF (Cross-Site Request Forgery), and other attack vectors.
- Knowledge or experience with security technologies, single-sign-on and identity management technologies.
- Understanding of encryption, hashing, secure random number generation, key derivation, digital signatures, etc.
- Knowledge of risk analysis standards (e.g. NIST 800-30, CVSS, AVSS)