Job Title: Senior Application Security Engineer
Department: Operations – Services
Reports To: RavenTek Program Manager
Location: Remote
Schedule: Monday – Friday
Hours: Full-time, 40 hours/week
FLSA Status: Salary, Exempt
Clearance: Public Trust
Position Summary
The Senior Application Security Engineer position will support the U.S. Securities and Exchange Commission (SEC), providing support to the other Units and Offices within the SEC to ensure the success of the program’s mission. The performance of the Senior Application Security Engineer position is key to RavenTek’s performance on the SEC program, and therefore RavenTek’s mission to support the customer.
Essential Duties and Responsibilities
- Support and maintain Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and IDE Plug-in environments using Veracode.
- Perform application security assessments and penetration testing to identify vulnerabilities and recommend remediation strategies.
- Utilize Burp Suite to conduct security testing, including web application penetration testing and vulnerability assessments.
- Design and implement enterprise-wide security controls to secure applications, systems, networks, and infrastructure services.
- Work with development teams to integrate security best practices into the Software Development Life Cycle (SDLC).
- Assist in securing enterprise web applications following OWASP Top 10, CVSS, CWE, WASC, and SANS-25 security standards.
- Ensure compliance with federal security standards, including NIST 800-53, FIPS, and FedRAMP.
- Support security scanning and vulnerability management for Java, Python, .NET, or C# applications.
- Troubleshoot security vulnerabilities in Linux/UNIX environments and resolve basic website connectivity issues.
- Develop and maintain security documentation and reports for compliance and audit purposes.
- Provide a Monthly Status Report (MSR) to the RavenTek Program Manager by the deadline provided.
- Enter actual time worked, once complete, at the end of the day, or no later than 10:00 a.m. the following workday, and submit timesheets at the end of each pay period.
- Monitor and respond to RavenTek email a minimum of three times per week.
- Other duties as assigned.
Knowledge and Critical Skills
- Expertise in Veracode for application security testing.
- Strong understanding of SAST, DAST, and interactive security testing tools.
- Proficiency in Java, Python, .NET, or C# for security assessments.
- Hands-on experience with Burp Suite for penetration testing.
- In-depth knowledge of federal compliance standards such as NIST 800-53, FIPS, and FedRAMP.
- Familiarity with Eclipse, JDeveloper, Visual Studio, and secure pipeline development.
- Ability to analyze and mitigate vulnerabilities identified in OWASP Top 10, CVSS, CWE, WASC, and SANS-25.
- Strong troubleshooting skills in Linux/UNIX environments related to application security.
- Ability to collaborate effectively with cross-functional teams, including developers, security engineers, and compliance professionals.
Education & Work Experience
- Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or a related field.
- 6+ years of experience in Information Technology.
- 3+ years of hands-on experience with SAST, DAST, and Veracode.
- 2+ years of experience in Java, Python, .NET, or C# security assessments.
- 3+ years of experience with Burp Suite for penetration testing.
- 3+ years of experience in designing and implementing security controls for applications and infrastructure.
Certifications, Licenses
- Acceptable certifications include: OSCP, ISC2 CSSLP, ISC2 CISSP, CEH, or other Application Security related certifications.
Special Requirements
- Ability to obtain a Public Trust clearance.
Work Environment
Employee will be working indoors in an office environment with other people. Potential moderate temperature fluctuations. Typical indoor and computer related noise level, and typical office, paper, and equipment related dust. Exposure to video display terminals occurs on a regular basis.
Physical Demands
To successfully perform the essential functions of the job, the employee needs to be able to sit at a workstation for extended periods; use hand(s) to handle or feel objects, tools, or controls; reach with hands and arms; talk and hear; see to read printed materials and computer screens; mobility to work in a typical office setting. Ability to work on desktop or laptop computer for extended periods of time reading, reviewing/analyzing information, and may be required to provide recommendations, summaries and/or reports in written format. Must be able to effectively communicate with others verbally and in writing. Employee must be able to lift and/or move moderate amounts of weight, typically up to 20 pounds. Regular and predictable attendance is essential.
ADA: RavenTek will make reasonable accommodations in compliance with the Americans with Disabilities Act of 1990.
EEO/AA: RavenTek does not discriminate based on race, color, national origin, sex, religion, age, disability, sexual orientation, gender identity, veteran status, height, weight, or marital status in employment or the provision of services and is an equal access/equal opportunity/affirmative action employer.
This job description is not intended to be an all-inclusive list of duties and standards of the position and will be reviewed periodically as duties and responsibilities change with business necessity. Essential job functions are subject to modification. Incumbents will follow any other instructions, and perform any other related duties, as assigned by their supervisor.