10,181 Application Security jobs in the United States

Application Security

30383 Atlanta, Georgia Softpath System

Posted 14 days ago

Job Description

Core Duties / Responsibilities:
Conduct remediation validations against prior findings
Conduct manual code reviews
Conduct static code analysis
Know false positive from true positive
Development experience in multiple languages
Consult with developers and architects on secure development
Work with application teams to communicate vulnerabilities, provide remediation guidance, demonstrate issues and work with developers to remediate and mitigate risks
Work on and track tasks via ticketing system
Familiar with AWS and other cloud technologies
Stay up to date on application security attack vectors and risks

Requirements/Skills/Qualifications:
Experience in multiple areas of Information Security
Extensive experience in web application security testing
Extensive experience in application security
Extensive experience in performing secure code reviews (both automated and manual)
Familiar with OWASP Top 10
Familiar with development methodologies
Experience with one or more programming languages
Ability to automate repeatable tasks
Strong verbal and written communication skills

Need:
Development experience
Experience working in large enterprises
Familiarity or experience with CI/CD pipelines and Agile methodologies
One or more of the following certifications (or similar): GPEN, GWAPT, GWEB, OSCP, CISSP, eCPPT, etc.
Familiarity with tools such as Veracode, Checkmarx, Fortify, Burp, IBM AppScan, and BlackDuck

Application Security Engineer

02298 Boston, Massachusetts Motion Recruitment Partners LLC

Posted 1 day ago

Job Description

Boston, MA

Hybrid

Contract

$60/hr - $70/hr

A leading Boston-based bank is seeking a Mid-Level Application Security Engineer to support and secure its growing portfolio of internal and customer-facing applications. This team plays a key role in strengthening software security within a highly regulated financial environment, making it an excellent fit for someone who enjoys blending hands-on technical analysis with collaborative problem-solving.

In this role, you'll be responsible for performing SAST, DAST, and SCA scans, reviewing code for vulnerabilities, and partnering with development teams to remediate findings. You'll help define best practices, improve secure SDLC processes, and ensure applications meet internal and regulatory security requirements.

Required Skills & Experience:

  • 2+ years of professional experience in Application Security or Secure Software Development

  • Proficiency with SAST, DAST, and SCA tools (e.g., Veracode, Checkmarx, SonarQube, etc.)

  • Experience reviewing source code for security vulnerabilities

  • Strong communication skills with the ability to explain findings to developers and leadership

  • Penetration testing or ethical hacking experience is a plus

Desired Skills:

  • Familiarity with secure SDLC processes and DevSecOps principles

  • Exposure to financial services or other regulated industries

  • Knowledge of OWASP Top 10 and common application-layer threats

  • Scripting skills (Python, Bash, etc.) to automate scans or reporting

  • Relevant certifications such as GWEB, GWAPT, or eLearnSecurity certifications

What You'll Be Doing

Tech Breakdown

  • 50% Static/Dynamic/Composition scanning and analysis

  • 30% Code review and vulnerability remediation support

  • 20% Collaboration, documentation, and secure SDLC improvements

Daily Responsibilities:

  • Run and interpret SAST, DAST, and SCA scans across multiple applications

  • Perform manual code reviews to identify and validate vulnerabilities

  • Partner with developers to triage, prioritize, and remediate findings

  • Contribute to secure coding standards and internal appsec guidelines

  • Support ongoing improvements to application security tooling and processes

You will receive the following benefits:

  • Medical Insurance - Four medical plans to choose from for you and your family

  • Dental & Orthodontia Benefits

  • Vision Benefits

  • Health Savings Account (HSA)

  • Health and Dependent Care Flexible Spending Accounts

  • Voluntary Life Insurance, Long-Term & Short-Term Disability Insurance

  • Hospital Indemnity Insurance

  • 401(k) including match with pre and post-tax options

  • Paid Sick Time Leave

  • Legal and Identity Protection Plans

  • Pre-tax Commuter Benefit

  • 529 College Saver Plan

Motion Recruitment Partners (MRP) is an Equal Opportunity Employer. All applicants must be currently authorized to work on a full-time basis in the country for which they are applying, and no sponsorship is currently available. Employment is subject to the successful completion of a pre-employment screening. Accommodation will be provided in all parts of the hiring process as required under MRP's Employment Accommodation policy. Applicants need to make their needs known in advance.

Posted by: Sarah Carroll

Specialization:

  • Cybersecurity

Application Security Engineer

94598 Walnut Creek, California Mechanics Bank

Posted 1 day ago

Job Description

Mechanics Bank is currently searching for an Application Security Engineer to join our team. Here at Mechanics Bank, we value connection, partnership, long term relationships and working together in person. This role can work remote within the US.

Under limited direction, the Application Security Engineer is responsible for securing the bank's network and external-facing applications through continuous penetration testing, application code review, threat hunting, web application firewall management, and vulnerability scanning. This role requires effective communication of remediation requirements to both technical and business leaders. Additionally, the engineer takes a leading role in DevSecOps process discussions and planning.

What you will do:
  • Defines security requirements for the implementation of new applications and projects: Serves as a security engineer/consultant on projects, works closely with the application development team to ensure coding follows security best practices, provides security guidance during the design and implementation phases to ensure robust security controls are integrated from the start.
  • Performs continuous penetration testing: Effectively documents and reports findings, illustrating risks and requirements for resolution. Recommends and implements improvements based on testing outcomes.
  • Leads security research on threats and remediation techniques and technology: Makes informed recommendations to Information Security and Information Technology teams, oversees the implementation of recommended security measures.
  • Conducts security event analysis and intrusion detection (IDS/IPS): Leads incident response efforts, including triage, incident analysis/forensics, and remediation. Develops and refines incident response processes and playbooks.
  • Serves on the Incident Response Team: Focuses on Computer Incident Response, coordinates with various teams to ensure a cohesive and effective incident response.
  • Supports the Bank's operational information security responsibilities, including the development and maintenance of standards, procedures, and guidelines necessary to satisfy the Information Security department's network operations.
  • Manages and enhances the bank's network vulnerability management program: Regularly assesses and updates vulnerability management practices to ensure they meet current security standards and address emerging threats.
  • Assists in conducting risk assessments to evaluate the effectiveness of existing controls and determine the impact of proposed changes to business processes, applications and systems.
  • Provides technical support to regulatory agencies, external auditors, and internal auditors, as required, to respond to audits and examinations of the Bank's control environment
Who you are:
  • Preferred: Bachelor's Degree in a related field, or equivalent education, certifications, and experience
  • Required: 3 - 5 years' experience in application security, penetration testing, or a comparable role
  • Required: Understanding of one or more of the following programming languages: C#, Angular JavaScript, T-SQL
  • Preferred: Industry Standard Certifications, such as: CompTIA CASP+; GIAC, EC-Council, (ISC)2, OSCP, CompTIA Linux+; ISC2 CISSP, CompTIA Network+
  • Understanding of one or more scripting languages.
  • Understanding of Linux, Windows, and Mac OS.
  • Passion for automation and scripting (Python, Perl, Bash, PowerShell, etc.).
  • Strong technical skills with Microsoft Office; must have the ability to effectively communicate and write reports understandable to both business and technical staff.
  • Threat analysis / Incident Response: interpreting events and analyzing network traffic.
  • Mitigating and addressing threat vectors including XSS, broken authentication, SQL injections, SSRF, misconfigurations, insecure designs.
  • Application vulnerabilities/penetration testing/remediation.
  • Knowledge of current and upcoming IT security technologies.
  • Awareness of the latest and common security threats (OWASP Top 10, OWASP for API).
  • Excellent ability to diagnose and troubleshoot accessibility issues.
  • Skill in oral and written communication, including presentations to senior management.
  • Ability to influence and work with employees at all levels of the organization

Pay Range: $130,000 - $70,000 annually

AIP/Bonus : Up to 15%

Our comprehensive employee benefits program is designed for you to live your best life at work, home, and everywhere in between. Employees working 25 hours or more per week are eligible for health benefits effective the first day of the month following or coinciding with their date of hire.
Benefits package includes(1):
  • Medical, prescription, dental, and vision coverage for employees and their eligible family members
  • Employer paid Employee Assistance Program, Life Insurance, AD&D, and Disability benefits
  • Health Savings Account with employer contribution
  • Healthcare and Dependent Care Flexible Spending Accounts and Commuter/Parking Benefit
  • 401(k) and Roth 401(k) with company contribution
  • 529 Education Savings plan, Tuition Reimbursement Program and Student Loan Assistance Program
  • Supplemental Health plans, Voluntary Legal and Identity Theft Services
  • 11 paid holidays, paid Sick days (accrual of one hour for every 30 hours worked), up to 25 paid vacation days, and 16 hours of paid volunteer time throughout the calendar year
  • Free personal checking and savings account; Discounted rates on primary residence loan with 0 origination fees (restrictions apply)
Final compensation package will be determined by the work experience, education, and/or skill level of the applicant along with internal equity and alignment with geographic market data.
  • Mechanics Bank is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, religion, national origin, age, genetic information, veteran status, or on the basis of disability, gender identity, sexual orientation or other bases prohibited by applicable law.
  • Please view Equal Employment Opportunity Posters provided by OFCCP here.
  • To learn more about Mechanics Bank's California privacy and security policies, including your right to a Notice At Collection as a California Resident, please visit

    California Privacy Policy for Prospective Employees | Mechanics Bank


(1) The benefits listed in this job posting reflect the Bank's most reasonable and genuinely expected benefits offered for this position.

Application Security Engineer

28245 Charlotte, North Carolina AIG

Posted 1 day ago

Job Description

At AIG, we are reimagining the way we help customers to manage risk. Join us as a Junior Application Security Engineer to play your part in that transformation. It's an opportunity to grow your skills and experience as a valued member of the team.

Make your mark in Global Business Operations & IT

As a world leader in commercial and personal insurance solutions operating in over 70 countries and jurisdictions, AIG's Global Business Operations & IT team identifies and drives high-quality innovation and cost efficiency in all our processes, systems and operations. The organization ensures we operate as one globally consistent business delivering end-to-end services locally that contribute to our customers' and AIG's success.

The Junior Application Security Engineer is an integral part of the Information Security Team.

How you will create an impact

  • Help pilot, implement and operate an AI tool/service to drive continuous application penetration test automation. The implementation of AI tool/service to drive application penetration testing will enable scaling penetration testing for all applications going through SDLC at a reduced cost and help reduce cyber risk for AIG.

  • Support the Lab that is used to drive security assessments and penetration testing by Cyber Threat Management (CTM) Teams.

  • Assist in protecting applications, data, and systems by reducing security risks in custom and third-party software applications.

  • Has a good understanding of application security weaknesses for various technologies including web applications, databases, and multi-tier applications.

  • Knowledge of OWASP Top 10 and SANS TOP 25 vulnerabilities and remediation practices associated with each category.

  • Use manual techniques and automated tools to analyze applications and source code to identify vulnerabilities, triage results, and provide mitigation plans for discovered risks.

  • Assist lead analysts/engineers in analyzing the security of applications and their underlying services, integrating security touchpoints into all phases of the software development life cycle, and fostering a security mindset within development teams.

What you'll need to succeed

  • Development experience - application software programming required (2+ years' experience).

  • A good understanding of application security weaknesses for various technologies including web applications, databases, and multi-tier applications is required.

  • A good understanding of how Active Directory works regarding user and computer objects, as well as Groups, permissions, and inheritance

  • Knowledge of application security testing tools such as Burp Suite, OWASP ZAP, Metasploit, PowerSploit, etc.

  • Ability to review source code and explain mitigation controls within source code for languages including, JAVA, .Net, Python, HTML, etc.

  • Ability to review, modify and create scripts for automating tasks using languages such as Python, Go, Powershell, etc.

  • Up to date knowledge of the security landscape pertaining to new technologies.

  • Ability to positively influence the behavior of peers and build relationships with other teams.

  • Self-starter, ability to work independently with minimal supervision and as part of a team.

  • Highly adaptable, and able to pivot rapidly to meet emerging threats/organizational needs.

  • Any of the following certifications: CISSP, GIAC GSSP, CET, OSCP, OSCE, etc. is ideal

Ready to make a bigger impact? We look forward to receiving your application.

At AIG, we value in-person collaboration as a vital part of our culture, which is why we ask our team members to be primarily in the office. This approach helps us work together effectively and create a supportive, connected environment for our team and clients alike.

Enjoy benefits that take care of what matters

At AIG, our people are our greatest asset. We know how important it is to protect and invest in what's most important to you. That is why we created our Total Rewards Program, a comprehensive benefits package that extends beyond time spent at work to offer benefits focused on your health, wellbeing and financial security, as well as your professional development, to bring peace of mind to you and your family.

Reimagining insurance to make a bigger difference to the world

American International Group, Inc. (AIG) is a global leader in commercial and personal insurance solutions; we are one of the world's most far-reaching property casualty networks. It is an exciting time to join us: across our operations, we are thinking in new and innovative ways to deliver ever-better solutions to our customers. At AIG, you can go further to support individuals, businesses, and communities, helping them to manage risk, respond to times of uncertainty and discover new potential. We invest in our largest asset, our people, through continuous learning and development, in a culture that celebrates everyone for who they are and what they want to become.

Welcome to a culture of inclusion

We're committed to creating a culture that truly respects and celebrates each other's talents, backgrounds, cultures, opinions and goals. We foster a culture of inclusion and belonging through learning, cultural awareness activities and Employee Resource Groups (ERGs). With global chapters, ERGs are a cornerstone for our culture of inclusion. The talent of our people is one of AIG's greatest assets, and we are honored that our drive for positive change has been recognized by numerous recent awards and accreditations.

AIG provides equal opportunity to all qualified individuals regardless of race, color, religion, age, gender, gender expression, national origin, veteran status, disability or any other legally protected categories.

AIG is committed to working with and providing reasonable accommodations to job applicants and employees with disabilities. If you believe you need a reasonable accommodation, please send an email to

Functional Area:

IT - Information Technology AIG Employee Services, Inc.

Application Security Engineer

94923 Salmon Creek, California ZipRecruiter

Posted 1 day ago

Job Description

About xAI

xAI's mission is to create AI systems that can accurately understand the universe and aid humanity in its pursuit of knowledge. Our team is small, highly motivated, and focused on engineering excellence. This organization is for individuals who appreciate challenging themselves and thrive on curiosity. We operate with a flat organizational structure. All employees are expected to be hands-on and to contribute directly to the company's mission. Leadership is given to those who show initiative and consistently deliver excellence. Work ethic and strong prioritization skills are important. All engineers are expected to have strong communication skills. They should be able to concisely and accurately share knowledge with their teammates.

About the Role

We are seeking a skilled and innovative Application Security Engineer to join our technology-driven company. In this role, you will be responsible for ensuring the security and integrity of our cloud- applications and systems throughout the software development lifecycle, with a particular focus on code security, CI/CD pipelines, and emerging AI technologies.

Focus

  • Conduct in-depth code reviews and static analysis to identify and mitigate security vulnerabilities in our applications
  • Design and implement secure coding guidelines and best practices for development teams
  • Collaborate closely with development teams to integrate security practices throughout the CI/CD pipeline
  • Perform threat modeling and risk assessments for applications, developing mitigation strategies for potential risks
  • Manage vulnerability tracking and remediation efforts, providing guidance to development teams
  • Support incident response activities related to application security
  • Stay current on emerging security threats and trends in cloud- technologies and AI, continuously enhancing our security measures
  • Evaluate and secure software supply chains, including producing and maintaining Software Bills of Materials (SBOMs)
  • Address security concerns specific to AI and machine learning models, with a focus on the OWASP LLM Top 10

Ideal Experience

  • Bachelor's degree in Computer Science, Cybersecurity, or a related field
  • 3-5 years of experience in application security, with a strong focus on code security practices
  • Deep understanding of secure coding practices, application security frameworks, and common vulnerabilities (e.g., OWASP Top 10)
  • Proficiency in Python or Rust programming and experience with secure coding practices in these
  • Experience securing CI/CD pipelines and implementing DevSecOps practices
  • Familiarity with software supply chain security and SBOM tools
  • Experience with security testing tools (e.g., Burp Suite, OWASP ZAP) and static/dynamic code analysis
  • Understanding of AI/ML security implications, particularly those outlined in the OWASP LLM Top 10
  • Excellent communication skills, able to explain complex security issues to both technical and non-technical audiences

Qualifications

  • Experience with cloud platforms (e.g., GCP, AWS, Azure) and their security features
  • Relevant security certifications (e.g., CSSLP, OSWE)
  • Background in data privacy and compliance regulations relevant to cloud- applications and AI systems
  • Experience with GitOps and infrastructure-as-code security
  • Familiarity with federated learning and privacy-preserving machine learning techniques

Bonus Skills

  • Experience in building custom security tooling to enhance and automate security processes
  • Interest in leveraging AI to automate security tasks and improve efficiency
  • Contributions to open-source security projects or tools
  • Experience in securing AI/ML models and data pipelines

Annual Salary Range

$200,000 - $340,000 USD

Benefits

Base salary is just one part of our total rewards package at xAI, which also includes equity, comprehensive medical, vision, and dental coverage, access to a 401(k) retirement plan, short & long-term insurance, life insurance, and various other discounts and perks.

xAI is an equal opportunity employer.

California Consumer Privacy Act (CCPA) Notice

Application Security Engineer

89702 Silver City, Nevada Zoom Corporation

Posted 1 day ago

Job Description

What You Can Expect

As an Application Security Engineer, you will play a crucial role in enhancing the security of our applications. Your focus will be on implementing security testing automation and tools, particularly in Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST). You will have the opportunity to develop robust security programs, provide guidance on secure coding practices, and oversee container security initiatives. This position requires a blend of technical expertise in vulnerability assessment and automated security testing, along with collaboration across teams. You will effectively communicate security recommendations and drive modernization of our security processes through effective CI/CD integration, leveraging advanced tools including AI solutions.

About the Team

The security team is dedicated to application security engineering, with a focus on automating security testing through the use of SAST and DAST tools. They are tasked with developing comprehensive security programs, guiding secure coding standards, and managing container security. The team engages in both technical tasks—such as vulnerability assessments and automation—and collaborates across various departments. Their key objectives include modernizing security practices through CI/CD integration and utilizing advanced tools, including AI, to enhance security protocols.

Key Responsibilities

  • Develop or leverage third-party security test automation solutions for Containers, Software Composition Analysis, SAST, and DAST.

  • Establish and enforce security policies and procedures specifically tailored to container development and deployment.

  • Triaging and validating security vulnerabilities identified by security tools, communicating findings to application owners, providing effective remediation recommendations, and confirming resolution.

  • Engaging in manual security testing of web applications, web services, and mobile applications, ensuring thorough coverage.

  • Identifying potential vulnerabilities based on industry standards (e.g., OWASP Top 10) and proposing improvements in security design or implementation.

  • Collaborate with development and operations teams to integrate security into the Continuous Integration/Continuous Deployment pipeline and streamline automation of security processes.

  • Develop tools or scripts to automate repetitive tasks, enhancing security automation and CI/CD integration.

What We're Looking For

  • 3+ years of experience in a relevant field (e.g., Computer Science, Information Security) with a Bachelor's degree, or 1+ year with a Master's degree.

  • Proven experience as a Security Engineer or in a similar capacity focusing on security testing, container security, and SAST/DAST.

  • Experience with container security tools, image scanning, and vulnerability management; a solid understanding of security principles, protocols, and standards like CIS benchmarks and OWASP Top 10.

  • Familiarity with security tools such as Kali Linux, Burp, Checkmarx, Netsparker, Coverity, and Prisma.

  • Strong analytical and problem-solving abilities with a knack for identifying and mitigating security risks in complex environments.

  • Excellent communication and interpersonal skills to collaborate effectively with cross-functional teams and convey technical concepts to non-technical audiences.

  • Relevant certifications (e.g., Docker Certified Security Specialist, Certified Kubernetes Security Specialist) are preferred.

  • Experience with Interactive Application Security Testing (IAST) and Incident Response and Security Platforms (IRASP).

Salary Range or On Target Earnings:

Minimum: $87,600.00

Maximum: $186,000.00

This position offers a competitive salary based on qualifications and experience. We also have a location-based compensation structure that varies by location.

Ways of Working:

Our hybrid approach emphasizes a balance between office and remote work environments. The specific work style for this role is indicated in the job description.

Benefits:

We offer a comprehensive benefits program designed to support employees' physical, mental, emotional, and financial well-being and promote work-life balance.

About Us:

At Zoom, we empower people to connect and accomplish great things together. Our collaboration platform serves a wide range of needs, and we are dedicated to creating an environment where our employees can thrive. If you're ready to join a dynamic team that values innovation and growth, we encourage you to apply!

Our Commitment:

We are committed to fair hiring practices that evaluate every candidate based on their skills, experience, and potential. If you require any accommodations during the hiring process, please reach out to us; we're here to support you every step of the way.

If you are excited about this opportunity, take your time to ensure it aligns with your career goals. We're continuously reviewing applications and look forward to meeting you!

Application Security Engineer

10261 New York, New York Sompo International

Posted 2 days ago

Job Description

Sompo has a unique opportunity for an Application Security Engineer in our Information Security team.

Location: This position will be based out of one of our US locations preferably the NYC / Purchase, NY / Garden City, NY / Morristown, NJ / Boston, MA / Conshohocken, PA or Charlotte, NC office. We strive for collaboration which is why we offer a work environment where our employees thrive and develop long lasting careers.

Our business, your impact, our opportunity:

What you'll be doing:

  • Develop and implement application-focused security controls during all phases of Sompo's Secure Software Development Lifecycle and production operations.
  • Collaborate, as needed, with development teams to enhance their secure coding practices, application design patterns, and technology selection.
  • Maintain a strong familiarity with:
    • Sompo's full stack of security technologies and common application architectures
    • Regulatory requirements for security and privacy technologies.
    • The various Sompo teams who are non-technical subject matter experts on those regulations.
    • Industry-standard approaches for aligning development, operations, and security.
    • Be responsible for continuously improving our suite of troubleshooting documents, SOPs, and support tools so that the IT support teams can self-resolve/diagnose application-level issues related to security incidents and/or controls.
    • Application security review (development lifecycle, technology selection)
    • Application security testing and instrumentation (production operations)
    • Support of security tooling and automation

What you'll bring:

  • Minimum of 5 years of experience in information security.
  • Systematic thinking: the ability to take a complex sequence of events and isolate the critical/relevant stages.
  • Excellent interpersonal skills: the ability to engage with both end users and IT colleagues to understand a problem and determine fact patterns, measurable requirements, and success criteria.
  • Strong understanding of:
    • HTTP, HTML, REST, SOAP, JSON, XML, YAML, and other data formats, web authentication patterns, especially SAML and OAuth, TLS/X509, and cookies, DNS, TCP/IP, and related tools (e.g., interpreting packet captures), Encryption at rest and in flight.
  • Development and direct work experience with:
    • Languages for automation, especially Python and Powershell, Query tools.
    • Excel for ad-hoc analysis. Must be comfortable aggregating disparate sets of logs and other data for unified analysis.
    • Packet captures for low level network troubleshooting
    • Application development building blocks, Web application security components
    • Native security controls in the Microsoft stack (OS, Office, Edge)
  • Ability to write ad hoc queries using one or more of the following:
    • Splunk, Powershell, Regular expressions, SQL, XPATH
  • Ability to write practical audience-relevant documentation related to troubleshooting.
  • B.S. in Computer Science or Software Engineering

Salary Range: $115,000 - $165,000. Actual compensation for this role will depend on several factors including the cost of living associated with your work location, your qualifications, skills, competencies, and relevant experience.

At Sompo, we recognize that the talent, skills, and commitment of our employees drive our success. This is why we offer competitive, high-quality compensation and benefit programs to eligible employees.

Our compensation program is built on a foundation that promotes a pay-for-performance culture, resulting in higher incentive awards, on average, when the Company does well and lower incentive awards when the Company underperforms. The total compensation opportunity for all regular, full-time employees is a combination of base salary and incentives that gets adjusted upfront based on overall Company performance with final awards based on individual performance.

We continuously evaluate and update our benefit programs to ensure that our plans remain competitive and meet the needs of our employees and their dependents. Below is a summary of our current comprehensive U.S. benefit programs:

  • Two medical plans to choose from, including a Traditional PPO & a Consumer Driven Health Plan with a Health Savings account providing a competitive employer contribution
  • Pharmacy benefits with mail order options
  • Dental benefits including orthodontia benefits for adults and children
  • Vision benefits
  • Health Care & Dependent Care Flexible Spending Accounts
  • Company-paid Life & AD&D benefits, including the option to purchase Supplemental life coverage for employee, spouse & children
  • Company-paid Disability benefits with very competitive salary continuation payments
  • 401(k) Retirement Savings Plan with competitive employer contributions
  • Competitive paid-time-off programs, including company-paid holidays
  • Competitive Parental Leave Benefits & Adoption Assistance program
  • Employee Assistance Program
  • Tax-Free Commuter Benefit
  • Tuition Reimbursement & Professional Qualification benefits

In today's world, what do we stand for?

Ethics and integrity are the foundation of delivering on our commitment to you. We believe that core values drive success, and that when relationships are held in the highest regard, there is nothing that cannot be accomplished. At Sompo, our ring is more than a logo, it is a symbol of our promise. To learn more about life at Sompo, visit our website.

Sompo is an equal opportunity employer and we intentionally value inclusion and diversity. Above all, we want you to work in an environment that respects everyone's unique contributions; we are passionately committed to equal opportunities. We do not discriminate based on race, color, religion, sex orientation, national origin, or age.


Application Security Engineer

20022 Washington, District Of Columbia Steampunk.com

Posted 2 days ago


Job Description

Join to apply for the Application Security Engineer role at Steampunk, Inc.


As a Web Application Security Engineer, you will provide technical expertise and solutions to remediate persistent and challenging portfolio-wide vulnerabilities. We're looking for someone who has passion for IT, resourceful problem-solving abilities, and a desire to learn: our indicators of success in this role. The ideal candidate will have a breadth of experience over a variety of application and web-based technologies. The candidate will not necessarily have deep experience in all domain areas but should have a good understanding of how the various layers of an enterprise application stack interact with one another. You will work directly with system admin teams to assist and remediate vulnerabilities and harden environments, while providing recommendations on ways to enhance vulnerability management. Additionally, you will work in a team environment to develop proactive solutions to improve overall enterprise security posture through process streamlining and automation.

Contributions

Responsibilities Include

  • Provide subject matter expertise for various risk assessments, working in an Agile environment with an understanding of the full software development lifecycle.
  • Advocate for and ensure appropriate security practices are communicated and implemented within application development portfolios.
  • Ability and proven experience in securing multiple areas of an enterprise application stack, including the OS, Database, Application Server, Load Balancer, and Web Server layers. Understanding how PKI/TLS certificates work is a must.
  • Integrate with both the application development and security assurance divisions to ensure vulnerability findings are understood, remediated or baselined as appropriate.
  • Document & Socialize security findings and remediation solutions in an enterprise knowledge base.
  • Support the Information Assurance Branch and the SOC with scan analysis and partner with development teams to understand and remediate security findings.

Required

Qualifications

  • Ability to obtain a U.S. government Security Clearance
  • Master's Degree and 3 years of relevant experience; OR
  • Bachelor's Degree and 5 years of relevant experience; OR
  • No degree and 9 years of relevant experience
  • Possesses at least one professional certification relevant to the technical service provided. Maintain a certification relevant to the product being deployed and/or maintained.

Preferred

  • Former Developer or Systems Administrator experience
  • Working knowledge of technologies used for building and deploying enterprise applications, such as Maven, Gradle, Git, Jenkins, Ansible, Java, C#/.NET, Apache Tomcat, Apache HTTP Server, IIS, F5, Oracle, MS SQL Server, Postgres
  • Working knowledge and experience in AWS and Azure GovClouds
  • Ability to analyze DISA STIG audit compliance scan results and provide recommendations for resolution
  • Analyze security environment, provide recommendations
  • Working knowledge of JIRA, Service Now or equivalent
  • Working knowledge of operating system and dynamic application security testing scan tools: Invicti, WebInspect, DAST/IAST suites
  • Experience using Python to automate tasks

Certifications

  • CEH, GFACT, GPEN, OSCP or other relevant industry certifications
  • Other application-based, technology-specific certifications

About Steampunk

Steampunk relies on several factors to determine salary, including but not limited to geographic location, contractual requirements, education, knowledge, skills, competencies, and experience. The projected compensation range for this position is $100,000 to $55,000. The estimate displayed represents a typical annual salary range for this position. Annual salary is just one aspect of Steampunk's total compensation package for employees. Learn more about additional Steampunk benefits here.

Identity Statement

As part of the application process, you are expected to be on camera during interviews and assessments. We reserve the right to take your picture to verify your identity and prevent fraud.

Steampunk is a Change Agent in the Federal contracting industry, bringing new thinking to clients in the Homeland, Federal Civilian, Health and DoD sectors. Through our Human-Centered delivery methodology, we are fundamentally changing the expectations our Federal clients have for true shared accountability in solving their toughest mission challenges. As an employee-owned company, we focus on investing in our employees to enable them to do the greatest work of their careers and rewarding them for outstanding contributions to our growth. If you want to learn more about our story, visit .

We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law. Steampunk participates in the E-Verify program.

  • Seniority level: Mid-Senior level
  • Employment type: Full-time
  • Job function: Information Technology
  • Industries: IT Services and IT Consulting


Application Security Engineer

05454 Fairfax, Vermont ALLTECH CONSULTING SVC INC

Posted 2 days ago


Job Description

About Us:
We are a leading global financial services firm providing a wide range of investment banking, securities, investment management, and wealth management services. We advise, originate, manage, and distribute capital for governments, institutions, and individuals. As a market leader, the talent and passion of our people are critical to our success. We share a common set of values rooted in integrity, excellence, and teamwork. We provide a strong foundation for building a professional career where you can learn, achieve, and grow. We embrace integrity, excellence, teamwork, and giving back. Our people provide clients with the finest thinking, products, and services to help them achieve even the most challenging goals.

About the Team:
The mission of the Cloud Security & Developer Enablement team is to implement the Firm's Cybersecurity Strategy by architecting, engineering, deploying, and operating technical security controls and capabilities for the Enterprise. This is achieved through architectural rigor, automation, agile delivery, and the adoption of Cloud and application security control implementations by the development community.

What You'll Do:

  • Be part of a team of engineers to implement specific security policies in CI/CD security tools, including but not limited to SAST, DAST, and SCA applications.
  • Work with Development, DevOps, and Security teams to identify and develop automated security and compliance capabilities supporting DevOps processes.
  • Define security rules that must be adhered to at the code level in web and mobile applications written in .NET, Java, React, Python, and other languages.
  • Provide security guidance to developers based on your development background and security knowledge, including secure coding standards and guidelines.
  • Support security standards, create templates and patterns to enhance efficiency and adoption of security practices.
  • Collaborate with partners to implement, manage, and optimize security measures within GitHub repositories to improve code integrity and protect against vulnerabilities.

Required skillset:

  • Must have: 5+ years of software development experience using Python, including working with APIs (REST), unit testing frameworks, and multi-process/multi-thread architecture.
  • Must have: 5+ years of experience with Linux and strong Bash scripting skills.
  • Good understanding of SQL for data extraction, reporting, and analysis.
  • Working knowledge of Windows environment and basic scripting (batch files).
  • Bachelor's degree with 10+ years of experience in the IT field.
  • Ability to process large datasets for reporting and analysis.

Desired Skillset:

  • Self-starter with a strong desire to learn new technologies and solve problems.
  • Knowledge of SAST, OSS technologies.
  • Ability to perform Python code reviews independently.
  • Skills in monitoring, alerting, reporting, and data analysis are preferred.
  • Experience with build environments like Jenkins, TeamCity.
  • Knowledge of DevOps tools such as Kubernetes, Docker, Puppet is a plus.
  • Experience with security tools integration such as DAST, RASP, WAF, vulnerability scanners, container analyzers, and open-source scanners is advantageous.

Application Security Engineer

22070 Herndon, Virginia ZipRecruiter

Posted 2 days ago


Job Description


Who we are:

ShorePoint is a fast-growing, industry recognized, and award-winning cybersecurity services firm with a focus on high-profile, high-threat, private and public-sector customers who demand experience and proven security models to protect their data. ShorePoint subscribes to a work hard, play hard mentality and celebrates individual and company successes. We are passionate about our mission and going above and beyond to deliver for our customers. We are equally passionate about an environment that supports creativity, accountability, , , and a focus on giving back to our community.

The Perks:

As recognized members of the Cyber Elite, we work together in partnership to defend our nation's critical infrastructure while building meaningful and exciting career development opportunities in a culture tailored to the individual's technical and professional growth. We are committed to the belief that our team members do their best work when they are happy and well cared for. In support of this philosophy, we offer a comprehensive benefits package, including major carriers for health care providers. Highlighted benefits offered: 18 days of PTO, 11 holidays, 80% of insurance premium covered, 401k, continued education, certifications maintenance and reimbursement and more.

Who we're looking for:

We are seeking an Application Security Engineer with expertise in Veracode and a strong background in application security testing. You will play a key role in securing enterprise applications by identifying vulnerabilities, integrating security best practices, and ensuring compliance with federal security standards. The Application Security Engineer role will focus on performing SAST and DAST testing, collaborating with developers, and designing security controls. This is a unique opportunity to shape the growth, development, and culture of an exciting and fast-growing company in the cybersecurity market.

What you'll be doing:

  • Perform Static and Dynamic Application Security Testing (SAST & DAST) using Veracode to identify and remediate vulnerabilities.
  • Collaborate with development teams to integrate security best practices into IDE environments such as Eclipse, JDeveloper, or Visual Studio.
  • Conduct in-depth security assessments for enterprise applications, using tools like Burp Suite, OWASP ZAP, and Selenium to ensure secure coding practices.
  • Implement enterprise-wide security controls to protect applications, networks, and infrastructure services.
  • Ensure compliance with federal security standards, including NIST 800-53, FIPS, and FedRAMP.
  • Troubleshoot and secure Linux/UNIX environments, including addressing website connectivity and security issues.
  • Utilize security frameworks (e.g., OWASP Top 10, CVSS, CWE, WASC, SANS-25) to analyze and mitigate risks.
  • Support security automation by writing Bash scripts and developing security pipelines.

What you need to know:

  • Expertise in Veracode for SAST, DAST, and IDE Plug-in environments.
  • Programming skills in Java, Python, .NET, or C# for secure coding and remediation.
  • Experience conducting security assessments with Burp Suite, OWASP ZAP, and Selenium.
  • Proven ability to design and implement enterprise-wide security controls for applications, networks, and infrastructure.
  • Strong knowledge of federal security compliance standards, including NIST 800-53, FIPS, and FedRAMP.
  • Experience securing enterprise web applications using OWASP Top 10, CVSS, CWE, WASC, and SANS-25.
  • Familiarity with Linux/UNIX environments for troubleshooting and securing web applications.
  • Ability to automate security processes through Bash scripting and pipeline development.

Must haves:

  • 6+ years of Information Technology experience.
  • 3+ years of experience with supporting Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and IDE Plug-in environments using Veracode.
  • 3+ years of experience with Burp Suite.
  • 3+ years of experience using the design and implementation of enterprise-wide security controls to secure applications, systems, network, or infrastructure services
  • 2+ years of experience with Java, Python, .NET, or C#.
  • Demonstrated ability to apply critical thinking in decomposing complex requirements into actionable tasks and processes.
  • Experience with Eclipse, JDeveloper or Visual Studio, including pipeline development.
  • Experience securing enterprise web applications and applying OWASP Top 10, CVSS, CWE, WASC, and SANS-25.
  • Knowledge of federal compliance standards, including NIST 800-53, FIPS, or FedRAMP.
  • Knowledge of Linux or UNIX environments, including navigating and troubleshooting basic website connectivity issues.
  • U.S. citizenship in compliance with federal contract requirements.

Beneficial to have:

  • Bachelor's degree in Cybersecurity, Computer Science, Information Systems, Mathematics, Engineering or a related field.
  • Industry-recognized certifications.
  • Experience with IAST (Interactive Application Security Testing) capabilities and tools.
  • Experience with Selenium for security testing.
  • Experience writing Bash scripts to automate security processes.
  • Experience with OWASP ZAP or Burp Proxy.

Where it's done:

  • Remote (Herndon, VA).

