Job Details

Want to join Intellectfaces

Check out our openings from below and fill the application by clicking on it

Applications Security Engineer


Applications Security Engineer

Location: Hampton, VA

Resposibilities:

Job Summary:
The Applications Security Engineer functions to provide detailed analysis of development and COTS solutions web and client/server application security. The Application Security Engineer serves the needs of the agency by validating security controls and technical approaches for application security. Additionally, Application Security Engineer shall assess the existing controls and recommend new solutions and policies to improve agency’s security posture, act as a security subject matter expert on all projects and initiatives, and work to improve the end-user cybersecurity awareness.
 
Essential Duties and Responsibilities:
Day to Day Operations:
• Develop security awareness, guidance, and socialization materials for training, for internal applications teams.
• Review and provide consulting for IT security team members as part of security reviews and investigations.
• Monitor and investigate application security logs.
• Develop implement and improve application security logging, alerts, and incident response capabilities.
• Perform Cross functional internal teams and assist with architecture, threat modeling, and reviewing systems and infrastructure to identify vulnerabilities and weaknesses in architecture.
• Make appropriate vulnerability remediation recommendations, create socialization and technical analysis documentation, and collaborate with teams to implement those recommendations.
• Conduct vulnerability research and analysis for emerging threats, best practices, and architectural models for application architecture and dependencies.
• Audit, validate, and track application architecture vulnerabilities across presentation, data management and integration levels to report and prioritize risk to businesses.
• Perform Application penetration testing to examine target systems in detail, looking for vulnerabilities and weaknesses.
• Identify and implement application-level security technical and process vulnerability remediations and improvements.
• Define and own metrics to determine the effectiveness of security controls. 
Apply comprehensive hardening to infrastructure platforms, deployment code, and images.
• Architect, build, automate, and operate automated security controls/tools and review capabilities to detect vulnerabilities across all applications and services.

Structured Functions:
• Development of Web Applications and Dashboards using front-end languages, such as HTML, Java, JavaScript, PHP, .NET, SQL etc.
• Create and maintain Secure Software Development Life Cycle (SDLC) and secure SDLC models documentation for application development teams.
• Review, create and maintain security requirements of an application while in development.
• Define, maintain, and enforce application security polices, standards, and procedures.
• Perform manual and automated code review of applications.
• Assess track and prioritize vulnerabilities of applications.
• Provide detailed analysis and mitigations based on assessments and testing of applications.
• Prioritize remediation based on security ratings and the needs of the business.
• Create socialization and guidance materials for Security standards.

Incident Response:
• Lead Application Security Event Forensic Root Cause Analysis.
• Collaborate with incident coordinators and report to management of findings in real time.
• Perform IT Security Triage, Scoping, and Containment, and Mitigation activities in coordination with application owners.
• Complete documentation of IT Security events.

Requirements:
Functional Abilities, Knowledge and Skills
• Be a champion for security culture and excellence, exercise risk-based judgement and prioritize remediation work.
Knowledge of IT control concepts such as zones of trust, zero trust, and privileged access management.
• Ability to self-manage with limited oversight.
• Excellent written and oral communication skills.
• Excellent interpersonal skills. 
Excellent judgment and problem-solving skills.
• Strong Knowledge of OWASP Top 10.
• Strong knowledge of application threat modeling.
• Static application security testing and dynamic application security testing.
• Ability to review and walkthrough code in real-time for application code and script review.
• Ability to troubleshoot modern identification and integration services implementations.

Technical Abilities, Knowledge, and Skills
• Proficiency with Application vulnerability scanning and penetration tools such as BurpSuite, AppSpider, Kali, etc.
• Proficiency with Scripting and Coding languages including Powershell and Python, or similar in a Windows Environment

Training and/or Education:
Bachelor’s degree in Computer Science, Application Development, Cybersecurity, or related field.

Licenses or Certificates:
Security+, SSCP, or CySA+ Certification

Experience:
• Minimum three (3) to five (5) Years in Application, Web, and/or Database Management
• Minimum one (1) to two (2) years of work experience in an Application Security function.
• Experience with integration systems including managed file transfers, privileged access management and integration platforms as a service.
• Experience with Oracle and Microsoft Database environments
• Experience working in Virtualized and Cloud environments
• Experience with identity protection services such as Azure Identity Protection Services
• Experience implementing Azure MFA integrations.
• Experience with implementing modern authentication structures for authentication SAML, OIDC, and OAuth.
• Experience with Solution as a service and other cloud model architecture.
• Experience with AWS, Azure environments including log review, analytics, and security services.
• Experience testing APIs and mitigating open API vulnerabilities.
• Experience in pen testing and the MITRE ATT&CK framework.
• Experience troubleshooting Application and Operating system interactions
 

Job Features
Job Category Applications Security Engineer
Duration 12+ Months
Job Location Hampton, VA

Apply Online