TOMORROW HIRE is revolutionizing the staffing industry by integrating advanced AI technology with deep human expertise.

Application Security Engineer – Public Trust/Secret Clearance

Application EngineerApplication EngineerFull TimeRemoteTeam 1-10Since 2024H1B No SponsorCompany Site LinkedIn

Location

District of Columbia + 1 more

Posted

49 days ago

Salary

$120K - $140K / year

High School6 yrs expEnglishJavaLinuxPythonSeleniumUnix.net

Job Description

• Support Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and IDE Plug-in environments using Veracode and Burp Suite. • Design and implement enterprise-wide security controls to secure applications, systems, networks, or infrastructure services. • Secure enterprise web applications, with a focus on mitigating OWASP Top 10 risks, CVSS scoring, CWE, WASC, and SANS Top 25 vulnerabilities. • Integrate security practices into development workflows using IDEs such as Eclipse, JDeveloper (including pipeline development), or Visual Studio. • Perform application security testing and automation using tools such as OWASP ZAP, Burp Proxy, Selenium, and Interactive Application Security Testing (IAST) capabilities. • Write and maintain bash scripts to support security automation, testing, and troubleshooting tasks. • Participate in vulnerability discovery, triage, and remediation processes, including crowdsourced security programs via platforms like HackerOne. • Work in Linux or UNIX environments, including navigating file systems and troubleshooting basic website connectivity and security issues. • Ensure applications and security practices align with federal compliance standards, including NIST 800-53, FIPS, or FedRAMP.

Job Requirements

Minimum **6+ years of Information Technology experience** with a focus on application and security engineering.
3+ years of hands-on experience supporting application security testing**, including **Static Application Security Testing (SAST)** and **Dynamic Application Security Testing (DAST)**.
Demonstrated experience with **SAST, DAST, and IDE plug-in integrations** using tools such as **Veracode** and **Burp Suite**.
Experience with **Interactive Application Security Testing (IAST)** tools and methodologies.
Proficiency using **OWASP ZAP** and/or **Burp Proxy** for web application security testing.
Experience participating in **vulnerability discovery and remediation programs**, including **HackerOne**.
Experience with **test automation tools**, including **Selenium**.
Proficiency in **bash scripting** for security automation, testing, and troubleshooting.
2+ years of development experience** in one or more programming languages, including **Java, Python, .NET, or C#**.
Experience integrating security into development workflows using **Eclipse, JDeveloper (including CI/CD pipeline development), or Visual Studio**.
3+ years of experience designing and implementing enterprise-wide security controls** to secure applications, systems, networks, or infrastructure services.
Hands-on experience securing **enterprise web applications**, with strong knowledge of **OWASP Top 10**, **CVSS**, **CWE**, **WASC**, and **SANS Top 25** vulnerabilities.
Knowledge of **federal compliance and security frameworks**, including **NIST 800-53**, **FIPS**, and **FedRAMP**.
Working knowledge of **Linux or UNIX environments**, including file system navigation and troubleshooting basic website connectivity issues.
High School Diploma or GED** required.
Public Trust Determination or Active Security clearance (preferred)**