Application Security Engineer - DAST & Burp Suite Enterprise Security Testing
🇺🇸 United States
$120,000 - $140,000
Application Security Engineer
Location: Fully Remote (East Coast)
Clearance: Public Trust, Secret Clearance preferred
Employment Type: Full-time
Salary: $120,000-$140,000
Role Overview:
The Application Security Engineer will support the secure development and testing of applications by leveraging specialized tools, implementing security controls, and ensuring compliance with federal standards. This role involves hands-on work with application security testing (SAST, DAST, IAST), vulnerability management, secure coding practices, and collaboration with development teams to protect enterprise web applications in a federal environment.
Responsibilities:
- Support Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and IDE Plug-in environments using Veracode and Burp Suite.
- Design and implement enterprise-wide security controls to secure applications, systems, networks, or infrastructure services.
- Secure enterprise web applications, with a focus on mitigating OWASP Top 10 risks, CVSS scoring, CWE, WASC, and SANS Top 25 vulnerabilities.
- Integrate security practices into development workflows using IDEs such as Eclipse, JDeveloper (including pipeline development), or Visual Studio.
- Perform application security testing and automation using tools such as OWASP ZAP, Burp Proxy, Selenium, and Interactive Application Security Testing (IAST) capabilities.
- Write and maintain bash scripts to support security automation, testing, and troubleshooting tasks.
- Participate in vulnerability discovery, triage, and remediation processes, including crowdsourced security programs via platforms like HackerOne.
- Work in Linux or UNIX environments, including navigating file systems and troubleshooting basic website connectivity and security issues.
- Ensure applications and security practices align with federal compliance standards, including NIST 800-53, FIPS, or FedRAMP.
- Minimum 6+ years of Information Technology experience with a focus on application and security engineering.
- 3+ years of hands-on experience supporting application security testing, including Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST).
- Demonstrated experience with SAST, DAST, and IDE plug-in integrations using tools such as Veracode and Burp Suite.
- Experience performing authenticated and unauthenticated crawl auditing and DAST scanning using Burp Suite Enterprise Edition, including scan configuration, issue validation, and remediation coordination.
- Experience with Interactive Application Security Testing (IAST) tools and methodologies.
- Proficiency using OWASP ZAP and/or Burp Proxy for web application security testing.
- Experience participating in vulnerability discovery and remediation programs, including HackerOne.
- Experience with test automation tools, including Selenium.
- Proficiency in bash scripting for security automation, testing, and troubleshooting.
- 2+ years of development experience in one or more programming languages, including Java, Python, .NET, or C#.
- Experience integrating security into development workflows using Eclipse, JDeveloper (including CI/CD pipeline development), or Visual Studio.
- 3+ years of experience designing and implementing enterprise-wide security controls to secure applications, systems, networks, or infrastructure services.
- Hands-on experience securing enterprise web applications, with strong knowledge of OWASP Top 10, CVSS, CWE, WASC, and SANS Top 25 vulnerabilities.
- Knowledge of federal compliance and security frameworks, including NIST 800-53, FIPS, and FedRAMP.
- Working knowledge of Linux or UNIX environments, including file system navigation and troubleshooting basic website connectivity issues.
- High School Diploma or GED required.
- Public Trust Determination or Active Security clearance (preferred)
Benefits include Health, Vision, and Dental Insurance, and PTO.