Match score not available

Application Security Engineer

Remote: 
Full Remote
Contract: 
Experience: 
Senior (5-10 years)
Work from: 
District of Columbia (USA), United States

Offer summary

Qualifications:

6+ years of IT experience, 3+ years in SAST and DAST environments, 2+ years with Java, Python, .NET, or C#, Strong knowledge of OWASP Top 10 and related standards, U.S. citizenship and ability to obtain Public Trust.

Key responsabilities:

  • Collaborate to maintain security for applications
  • Lead security discussions with development teams
  • Conduct application security assessments and penetration testing
  • Implement OWASP frameworks for enhanced security
  • Stay updated on security threats and compliance
phia, LLC logo
phia, LLC Computer Hardware & Networking TPE https://www.phiatech.com/
11 - 50 Employees
See more phia, LLC offers

Job description

At phia we hire talented and passionate people who are focused on collaborative, meaningful work, providing technical and operational subject matter expertise and support services to our partners and clients.

We are seeking an Application Security Engineer to work hand-in-hand with the Federal client to maintain a resilient security posture for highly visible applications. This position allows you to work remotely from anywhere within the United States. To be considered, U.S. citizenship is required, and you should be able to obtain a Public Trust before starting the position. If you thrive on complex problem-solving, enjoy providing innovative solutions, and want to have a meaningful impact on national security, let's explore the possibility of you working for phia!

What You'll Do
  • Collaborate with the federal client and application teams to maintain a robust security posture for high-visibility applications
  • Lead proactive security discussions with development teams to integrate best practices throughout the software development lifecycle
  • Conduct comprehensive application security assessments using dynamic and static testing methodologies
  • Perform threat modeling and security requirements analysis using tools like SD Elements
  • Execute in-depth application penetration testing using industry-standard tools such as Burp Suite
  • Implement and leverage the latest OWASP frameworks to enhance application security
  • Develop and maintain security controls to protect applications, systems, and infrastructure services
  • Provide expert guidance on remediating identified security flaws and vulnerabilities
  • Stay current with evolving security threats and compliance standards to ensure continuous improvement of security measures

  • Required: Education + Experience
  • 6+ years of Information Technology experience
  • 3+ years of experience with Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and IDE Plug-in environments, particularly using Veracode
  • 2+ years of hands-on experience with Java, Python, .NET, or C#
  • 3+ years of proficiency with Burp Suite for application security testing
  • 3+ years of experience designing and implementing enterprise-wide security controls
  • Expertise in securing enterprise web applications and thorough knowledge of OWASP Top 10, CVSS, CWE, WASC, and SANS-25
  • Familiarity with federal compliance standards, including NIST 800-53, FIPS, and FedRAMP
  • Proficiency in Linux or UNIX environments, including troubleshooting website connectivity issues
  • Experience with development environments such as Eclipse, JDeveloper, or Visual Studio
  • Strong understanding of CI/CD pipeline security integration
  • U.S. citizenship and ability to obtain a Public Trust clearance


  • Desired Skills and Experience
  • Bachelor's degree in Computer Science, Information Technology, Information Security, or a related field
  • Experience with Interactive Application Security Testing (IAST) tools and methodologies
  • Proficiency with Selenium for automated testing
  • Skill in writing bash scripts for security automation
  • Hands-on experience with OWASP ZAP or Burp Proxy
  • Certifications in application security or related fields (e.g., CSSLP, OSCP, GWAPT)

  • Security Clearance
  • U.S. Citizenship required
  • Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; Public Trust determination is required
  • Who You Are
     A proactive problem solver that appreciates the challenges of working in a fast-paced, dynamic environment.
    Intellectually curious with a genuine desire to learn and advance your career.
    An effective communicator, both verbally and in writing.
    Customer service-oriented and mission-focused.
    Critical thinker with excellent problem-solving skills
     
    If your experience and qualifications aren’t a match for this position, you will remain in our database for consideration for future opportunities that may be a better fit.

    Who We Are
    phia, LLC is a Northern Virginia-based, small business established in 2011 with a focus on Cyber Intelligence, Cyber Security/Defense, Intrusion Analysis & Incident Response, Cyber Architecture & Capability Analysis, Cyber Policy & Strategy, and Information Assurance/Security. we proudly support various agencies and offices within the Department of Defense (DoD), Federal government, and private/commercial entities.
    phia values work-life balance and offers the following benefits to full-time employees:
     Comprehensive medical insurance to include dental and vision
    Short Term & Long-Term Disability
     401k Retirement Savings Plan with Company Match
    Tuition and Professional Development Assistance Flex Spending Accounts (FSA)

    phia does not discriminate on the basis of race, sex, color, religion, age, national origin, marital status, disability, veteran status, genetic information, sexual orientation, gender identity, or any other reason prohibited by law in the provision of employment opportunities and benefits.

    Required profile

    Experience

    Level of experience: Senior (5-10 years)
    Industry :
    Computer Hardware & Networking
    Spoken language(s):
    English
    Check out the description to know which languages are mandatory.

    Other Skills

    • Problem Solving
    • Information Technology
    • Verbal Communication Skills
    • Critical Thinking

    Security Engineer Related jobs