Application Security Engineer

Washington, District of Columbia, United States

Applications have closed

phia LLC

At phia, trust us to solve the complex challenges of our connected world through top-tier cyber intelligence & threat hunting.

At phia, we hire talented and passionate people who are focused on collaborative, meaningful work, providing technical and operational subject matter expertise and support services to our partners and clients.

We are currently seeking a senior-level Application Security Engineer to work hand-in-hand with the Federal client and application community to maintain a resilient security posture for highly visible applications. This position is primarily remote, with occasional work or travel to a customer location in Washington, DC. Ideal candidates will live within commuting distance of Washington, DC, but this is not a deal breaker.

What You'll Do

  • Remediate application security flaws in conjunction with the application security team.
  • Lead security discussions with the application teams to prescribe security best practices within their development lifecycle.
  • Perform dynamic and static application performance testing; perform security requirements creation or generation-level threat modeling leveraging tools, including SD Elements; and perform application-level testing using applications such as Burp Suite. Work with the latest OWASP frameworks.

Requirements

Education + Experience

  • 3+ years of experience with Java, Python, .NET, or C#
  • 3+ years of experience with designing and implementing enterprise-wide security controls to secure applications, systems, network, or infrastructure services
  • 3+ years of experience with supporting Veracode Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and IDE Plug-in environments
  • Experience with Eclipse, JDeveloper, including pipeline development, or Visual Studio
  • Experience with securing enterprise web applications and OWASP Top 10, CVSS, CWE, WASC, and SANS-25
  • Knowledge of web protocols and a command line tool
  • Knowledge of federal compliance standards, including NIST 800-53, FIPS, or FedRAMP
  • Knowledge of Linux or UNIX environments, including navigating and troubleshooting basic website connectivity issues
  • Ability to obtain a security clearance
  • HS diploma or GED

Desired

  • Bachelor's degree in Computer Science, Information Technology, Information Security, or a related field.
  • Experience with one or more of the following technologies: networking, including Cisco, Juniper, or Palo Alto; operating systems, including Windows Server, Red Hat, or Linux; cloud services, including AWS, Azure, Salesforce, Okta, O365, or ServiceNow; or mobile technologies, including iOS or XenMobile
  • Experience with designing, building, and implementing automation tools, including Ansible, Chef, or Puppet
  • Experience with Infrastructure as Code tools, including CloudFormation or Terraform
  • Experience with container platforms, including OpenShift
  • Experience with chaos engineering and blue/green deployments
  • Experience with Serverless, including Lambda, API Gateway, Step Functions, and SAM
  • Experience with application performance analysis and monitoring, including ELK
  • Experience with an Agile release methodology

Desired Certifications

  • AWS Certified Solutions Architect or Developer Certification
  • CCNA, MCSE, RHCSA, EBSA or ECSS Certification

Desired Skills and Qualifications

  • Experience with securing cloud-based systems
  • Knowledge of NIST 800 Series Instruction/CNSS Directives/Information Assurance regulations
  • Knowledge of SDN/SDP and hybrid architectures
  • Ability to describe the differences between, and develop, various TIC 3.0 documentation
  • Ability to communicate complex and technical concepts clearly
  • Ability to compellingly justify security architecture decisions and direction to align others to a common vision

Security Clearance

  • This requires U.S. citizenship and eligibility for Public Trust

Who You Are

  • A proactive problem solver who appreciates the challenges of working in a fast-paced, dynamic environment.
  • Intellectually curious with a genuine desire to learn and advance your career.
  • An effective communicator, both verbally and in writing.
  • Customer service oriented and mission focused.
  • Critical thinker with excellent problem-solving skills.

If your experience and qualifications aren’t a match for this position, you will remain in our database for consideration for future opportunities that may be a better fit.

IMPORTANT: This position may be subject to Executive Order 14042 and the Safer Federal Workforce Task Force Guidance requiring covered employees to be fully vaccinated against COVID-19, which the Federal Government is not enforcing at this time.

Benefits

Who We Are

phia LLC ("phia") is a Northern Virginia based, 8(a)-certified small business established in 2011 with a focus on Cyber Intelligence, Cyber Security/Defense, Intrusion Analysis & Incident Response, Cyber Architecture & Capability Analysis, Cyber Policy & Strategy, and Information Assurance/Security. We proudly support various agencies and offices within the Department of Defense (DoD), Federal government, and private/commercial entities.

phia values work-life balance and offers the following benefits to full-time employees:

  • Comprehensive medical insurance to include dental and vision
  • Short Term & Long-Term Disability
  • 401k Retirement Savings Plan with Company Match
  • Tuition and Professional Development Assistance
  • Flex Spending Accounts (FSA)

phia does not discriminate on the basis of race, sex, color, religion, age, national origin, marital status, disability, veteran status, genetic information, sexual orientation, gender identity or any other reason prohibited by law in provision of employment opportunities and benefits.

