Job Description
We are looking for a Senior Application Security Engineer to enhance the security of our applications throughout their development lifecycle. You will collaborate closely with development teams to integrate security best practices, conduct thorough threat assessments, and apply industry standards to identify and mitigate security vulnerabilities. This position is hybrid (3 days/week) and must be local to the suburbs of Washington DC. Compensation is $170-215k with an annual bonus.
What you'll be doing:
- Lead the design and implementation of secure coding practices within development teams.
- Conduct threat modeling for new and existing applications to identify potential security risks.
- Perform security reviews and code analysis to identify and resolve vulnerabilities.
- Participate in code reviews and conduct secure code assessments for various programming languages.
- Collaborate with developers to provide guidance on security improvements and secure coding techniques.
- Implement and manage automated security testing tools and processes.
- Evaluate third-party libraries and dependencies for potential security risks.
- Stay current with emerging security threats, vulnerabilities, and technologies to enhance application security.
- Work with cross-functional teams to integrate security into the software development lifecycle (SDLC).
What we're looking for:
- Proven experience in Application Security Engineering or a related role.
- Strong understanding of application security best practices and threat modeling methodologies.
- Extensive development experience in one or more programming languages (e.g., Java, Python, C, C++).
- Hands-on experience with secure coding practices, including encryption and authentication mechanisms.
- Proficiency in conducting security assessments, such as code reviews and penetration testing.
- Familiarity with security tools such as static and dynamic analysis tools (e.g., SAST, DAST).
- Excellent communication skills, with the ability to explain technical issues to diverse audiences.
- Relevant security certifications (e.g., CEH) are a plus.
No CTC or sponsorship at this time.