Application Security Engineer
4 days ago
Key Role:
Work together with the client and application community to support and maintain a resilient security posture for highly visible applications. Remediate application security flaws in conjunction with the application security team. Lead security discussions with the application teams to prescribe security best practices within their development life cycle. Perform dynamic and static application performance testing, perform security requirements creation or generation-level threat modeling leveraging tools, including SD Elements, and perform application-level testing using applications, such as Burp Suite. Work with the latest OWASP frameworks.
Basic Qualifications:
- 5+ years of experience with Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and container and dependency scanning
- 5+ years of experience using the design and implementation of enterprise-wide security controls to secure applications, systems, network, or infrastructure services
- Experience with securing enterprise web applications and OWASP Top 10, CVSS, CWE, WASC, and SANS-25
- Experience working with Cloud technologies, including Azure or AWS, such as Infrastructure as a Service (IaaS)
- Experience with supporting security reviews of software and system releases within a DevSecOps framework supporting recurring path-to-production software and system release activities
- Knowledge of federal compliance standards, including NIST 800-53, FIPS, or FedRAMP
- Ability to obtain a Secret clearance
- Bachelor's degree
Additional Qualifications:
- Experience with Interactive Application Security Testing (IAST) capabilities and tools
- Experience with OWASP ZAP or Burp Proxy
- Experience implementing and managing continuous monitoring solutions and working within an Agile based project management framework
- Experience with developing Body of Evidence artifacts for Certification and Accreditation (C&A) of systems under frameworks, including National Institute of Standards and Technology (NIST) Special Publication (SP) 800-Series, DoD Risk Management Framework (RMF), and Intelligence Community Directive (ICD) 503
- Knowledge of Linux or UNIX environments, including navigating and troubleshooting basic website connectivity issues
- Ability to work independently and as an integrated member of a project team
- Possession of excellent verbal and written communication skills
- Secret clearance
- CISSP or CCSP certification
Clearance:
Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information.
Compensation
At Booz Allen, we celebrate your contributions, provide you with opportunities and choices, and support your total well-being. Our offerings include health, life, disability, financial, and retirement benefits, as well as paid leave, professional development, tuition assistance, work-life programs, and dependent care. Our recognition awards program acknowledges employees for exceptional performance and superior demonstration of our values. Full-time and part-time employees working at least 20 hours a week on a regular basis are eligible to participate in Booz Allen’s benefit programs. Individuals that do not meet the threshold are only eligible for select offerings, not inclusive of health benefits. We encourage you to learn more about our total benefits by visiting the Resource page on our Careers site and reviewing Our Employee Benefits page.
Salary at Booz Allen is determined by various factors, including but not limited to location, the individual’s particular combination of education, knowledge, skills, competencies, and experience, as well as contract-specific affordability and organizational requirements. The projected compensation range for this position is $75,600.00 to $172,000.00 (annualized USD). The estimate displayed represents the typical salary range for this position and is just one component of Booz Allen’s total compensation package for employees. This posting will close within 90 days from the Posting Date.Work Model
Our people-first culture prioritizes the benefits of flexibility and collaboration, whether that happens in person or remotely.
- If this position is listed as remote or hybrid, you’ll periodically work from a Booz Allen or client site facility.
- If this position is listed as onsite, you’ll work with colleagues and clients in person, as needed for the specific role.
EEO Commitment
We’re an equal employment opportunity/affirmative action employer that empowers our people to fearlessly drive change – no matter their race, color, ethnicity, religion, sex (including pregnancy, childbirth, lactation, or related medical conditions), national origin, ancestry, age, marital status, sexual orientation, gender identity and expression, disability, veteran status, military or uniformed service member status, genetic information, or any other status protected by applicable federal, state, local, or international law.
-
Application Security Engineer
2 weeks ago
Washington, United States SiriusXM Full timeResponsibilities: Who We Are: SiriusXM and its brands (Pandora, SiriusXM Media, AdsWizz, Simplecast, and SiriusXM Connect) are leading a new era of audio entertainment and services by delivering the most compelling subscription and ad-supported audio entertainment experience for listeners -- in the car, at home, and anywhere on the go with connected devices....
-
Security Application Engineer
2 weeks ago
Washington, Washington, D.C., United States Booz Allen Hamilton Full timeApplication Security EngineerKey Responsibilities:Engage with clients and the application development community to uphold a robust security framework for critical applications.Identify and mitigate application security weaknesses in collaboration with the application security team.Facilitate security discussions with development teams to advocate for...
-
Senior Application Security Engineer
2 weeks ago
Washington, Washington, D.C., United States Editech Staffing Full timeJob OverviewPosition: Senior Application Security Engineer / Source Code AnalysisLocation: OnsiteEditech Staffing is at the forefront of transforming cybersecurity practices through innovative solutions. We are currently seeking a skilled Senior Application Security Engineer to enhance our capabilities in application security.Our advanced Breach and Attack...
-
Lead Application Security Engineer
2 weeks ago
Washington, Washington, D.C., United States Motion Recruitment Full timePosition Overview:This role is for a full-time Senior Application Security Engineer, focusing on enhancing the security posture of applications within a dynamic environment. Company Profile:The organization is a leader in risk management, providing oversight for various entities in the commodity markets. They are committed to maintaining high standards of...
-
Senior Application Security Engineer
7 days ago
Washington, United States Motion Recruitment Full timeWashington, District Of ColumbiaHybridFull Time$150k - $180kThe opportunity pertains to a full-time Senior Application Security Engineer role based out of Tyson's Corner, VA. Applicants should have extensive experience in Java and similar languages, along with familiarity with code scanning systems. As industry leaders, the company specializes in risk...
-
Lead Application Security Engineer
1 week ago
Washington, Washington, D.C., United States Motion Recruitment Full timePosition Overview:This role involves a full-time opportunity for a Senior Application Security Engineer. The ideal candidate will possess a wealth of experience in Java and related programming languages, alongside a solid understanding of code scanning technologies.Company Background:Motion Recruitment is recognized for its expertise in risk management...
-
Lead Application Security Engineer
2 weeks ago
Washington, Washington, D.C., United States Motion Recruitment Full timePosition Overview: We are seeking a full-time Senior Application Security Engineer who will be instrumental in enhancing our security posture. This role focuses on ensuring the integrity of our applications through rigorous security measures. Location: This position offers a hybrid work model, allowing flexibility while working with a dynamic team. Key...
-
Lead Application Security Engineer
1 week ago
Washington, Washington, D.C., United States Motion Recruitment Full timeLocation: Hybrid - Washington, DC Position Type: Full-Time Salary Range: $150,000 - $180,000 This role is for a Senior Application Security Engineer within a prominent firm specializing in risk management across various sectors in the commodity markets. The ideal candidate will possess a strong background in Java and related programming languages, alongside...
-
Senior Application Security Engineer
3 months ago
Washington, United States Global Solutions Consulting (GSC) Full timeJob DescriptionJob DescriptionPosition Title: Senior Application Security EngineerLocation: Washington, DC (Hybrid)Job Requirements:Strong written and verbal communication skills· Must have GitLab CI/CD pipeline experience· Assist in the development and implementation of the DevSecOps strategy to include the definition and goals of the over-arching...
-
Application Security Engineer
2 weeks ago
Washington, United States Kraken Crypto Exchange Full timeBuilding the Future of Crypto Our Krakenites are a world-class team with crypto conviction, united by our desire to discover and unlock the potential of crypto and blockchain technology. What makes us different? Kraken is a mission-focused company rooted in crypto values. As a Krakenite, you'll join us on our mission to accelerate the global adoption of...
-
Cloud Application Security Engineer
2 weeks ago
Washington, United States Addison Group Full timeJob DescriptionJob DescriptionPosition: Cloud Application Security EngineerLocation: Remote (East Coast)Availability: To Start: As soon as possibleAre you looking for a growth opportunity for a reputable company with a positive work environment? Our client is looking for a Cloud Application Security Engineer to join their team. Please contact us today to...
-
Lead Application Security Engineer
2 weeks ago
Washington, Washington, D.C., United States Motion Recruitment Full timePosition Overview:This role is focused on a full-time position for a Senior Application Security Engineer. The ideal candidate will possess significant expertise in Java and related programming languages, along with a solid understanding of code scanning technologies.Company Profile:The organization is a leader in risk management within the commodity markets...
-
Senior Application Security Engineer
3 weeks ago
Washington, DC, United States Motion Recruitment Full timeWashington, District Of ColumbiaHybridFull Time$150k - $180kThe opportunity pertains to a full-time Senior Application Security Engineer role based out of Tyson's Corner, VA. Applicants should have extensive experience in Java and similar languages, along with familiarity with code scanning systems. As industry leaders, the company specializes in risk...
-
Cybersecurity Engineer
3 days ago
Washington, Washington, D.C., United States Booz Allen Hamilton Full timeAbout the RoleWe are seeking a highly skilled Cybersecurity Engineer - Application Security to join our team at Booz Allen Hamilton. As a key member of our Application Security team, you will be responsible for supporting and maintaining a resilient security posture for our clients' highly visible applications.Key ResponsibilitiesRemediate application...
-
Senior Cyber Security Engineer
7 days ago
Washington, Washington, D.C., United States Iron Vine Security Full timeJob Summary:We are seeking a highly skilled Cybersecurity Expert to join our team at Iron Vine Security. As a Senior Cyber Security Engineer, you will play a critical role in designing, implementing, and maintaining IT security systems to protect our digital assets from malicious cyber-attacks.Key Responsibilities:Actively search for Indicators of Compromise...
-
Application Security Engineer, Senior
4 weeks ago
Washington, United States Booz Allen Hamilton Full timeApplication Security Engineer, SeniorKey Role:Work together with the client and application community to maintain a resilient security posture for highly visible applications. Remediate application security flaws in conjunction with the application security team. Lead security discussions with the application teams to prescribe security best practices within...
-
Application Security Analyst
1 month ago
Washington, United States Editech Staffing Full timeWe are seeking a Application Security Analyst to join a growing team! This is an opportunity to shape the security landscape. If you’re ready to tackle complex challenges, work with a team that values your expertise, and contribute to a culture of continuous innovation, this role is for you.Benefits IncludeHealth, Vision and Dental InsuranceGenerous Paid...
-
Application Security Analyst
1 month ago
Washington, United States Editech Staffing Full timeWe are seeking a Application Security Analyst to join a growing team! This is an opportunity to shape the security landscape. If you’re ready to tackle complex challenges, work with a team that values your expertise, and contribute to a culture of continuous innovation, this role is for you.Benefits IncludeHealth, Vision and Dental InsuranceGenerous Paid...
-
Senior Cyber Security Engineer
3 months ago
Washington, United States Iron Vine Security Full timeJob Requirements: · Strong written and verbal communication skills. · Experience designing, implementing, and maintaining IT security systems to protect digital assets from malicious cyber-attacks. · Experience developing and implementing an annual Incident Response Training and Testing Program · Experience implementing, configuring, and...
-
Security Engineer
4 weeks ago
Washington, Washington, D.C., United States Meta Full timeMeta Security is looking for a Security Engineer with experience in threat modeling, TTP identification, and detection engineering. You'll work alongside Software Engineers and Offensive Security Engineers to identify critical assets, assess the top risks, and evaluate potential attacks against Meta systems. You will be working across engineering teams...