Application Security Engineer
United States, Maryland, Rockville
*Top Skills' Details*
1. Hands-on application penetration testing is needed. In-depth knowledge of OWASP Top 10 and other advanced appsec issues such as SSRF, domain takeover, etc.
2. Clearly articulate security risks to application teams and help them in remediating the security issues.
   - Secure code review experience
   - Comes from a Developer (Java) background. Minimum ability to read Java code to help apps team fix bugs
3. Experience with SAST, DAST, IAST tools.
4. AWS experience is a plus.
5. Certifications such as GWAPT, Portswigger academy, OSWE is a plus.

*Description:*

Summary: The main function of a Software Security Engineer is to assess software security by performing security testing, participate in code reviews and work in partnership with software development teams to ensure that appropriate software security controls have been designed and built within applications.

*Job Responsibilities:*

* Perform software security testing at a unit, functional, and system-wide level
* Perform manual and/or automated secure code reviews
* Lead threat modeling activities
* Assist development teams in designing, developing and implementing integrated software security solutions
* Conduct security risk analysis of business and technology projects
* Participate, as needed, in documenting software security standards, guidelines, policies and procedures
* Act as Software Security resource on assigned projects
* Create reusable software security artifacts
* Develop and/or deliver software security focused training

*Qualifications:*

* Bachelor's degree in Computer Engineering, Computer Science, Software Engineering or a related field
* 8+ years experience
* Programming/development experience using C#, .NET or other applicable programming experience
* QA, test automation, and test design experience
* Experience performing automated and/or manual code reviews
* Experience in a group development environment as a software engineer or QA engineer or build/release engineer
* Experience with interpreting policies and appropriately applying them to projects
* Experience writing technology-specific best practices

*Additional Skills and Experience*

*Required Skills*

1. Application Security (AppSec) domain knowledge/experience, including ALL of the following:
   1. Manual source code review
   2. Experience analyzing DAST/SAST scan results (not just running the tools); ideally with AppScan or Netsparker, and Checkmarx
   3. Application penetration testing; ideally with BurpSuite
2. Solid Java knowledge, and ideally at least historical development skills; e.g. a good understanding of Core Java and ideally relevant frameworks (e.g. Spring, Hibernate, ...).
3. Strong understanding of both Web Application and Web Service architectures, as well as associated protocols
4. Networking fundamentals (ideally security-centric)
5. Demonstrated history of making Security their career path through roles held and credentials obtained

*Highly Desirable Skills*

1. Python knowledge + development skills
2. Capture the Flag (CTF) / red team exercise experiences.
3. Web Application Firewall (WAF) knowledge/experience
4. AWS development skills (e.g. ideally not just AWS Console access, but API level exposures) OR solid AWS Security knowledge.
5. Relevant credentials, such as (Masters in Cybersecurity, OSCP, CEH)
6. Any of the following additional credentials (NTH but not required):
   - Microsoft 365 Security Administration
   - Microsoft Azure Security Technologies
   - Certified Cloud Security Professional (CCSP)
   - AWS Certified Solutions Architect
   - AWS Certified Security Specialty (Associate or Professional)

*** HYBRID 2 days a week onsite in Rockville, MD office***

SQL injections / HTTP Request

*Pay and Benefits*

The pay range for this position is $65.00 - $80.00/hr.

Eligibility requirements apply to some benefits and may depend on your job classification and length of employment. Benefits are subject to change and may be subject to specific elections, plan, or program terms. If eligible, the benefits available for this temporary role may include the following:

* Medical, dental & vision
* Critical Illness, Accident, and Hospital
* 401(k) Retirement Plan - Pre-tax and Roth post-tax contributions available
* Life Insurance (Voluntary Life & AD&D for the employee and dependents)
* Short and long-term disability
* Health Spending Account (HSA)
* Transportation benefits
* Employee Assistance Program
* Time Off/Leave (PTO, Vacation or Sick Leave)

*Workplace Type*

This is a hybrid position in Rockville, MD.

*Application Deadline*

This position is anticipated to close on Mar 19, 2025.

About TEKsystems:

We're partners in transformation. We help clients activate ideas and solutions to take advantage of a new world of opportunity. We are a team of 80,000 strong, working with over 6,000 clients, including 80% of the Fortune 500, across North America, Europe and Asia. As an industry leader in Full-Stack Technology Services, Talent Services, and real-world application, we work with progressive leaders to drive change. That's the power of true partnership. TEKsystems is an Allegis Group company.

The company is an equal opportunity employer and will consider all applications without regard to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.