EagleBank · 6 days ago
Application Security Engineer
Responsibilities
Provide application security expertise throughout the Software Development LifeCycle (SDLC).
Manage and drive forward the Application Security Analytics practices.
Validate and test web applications to ensure compliance with SDLC Policy and industry best practices.
Conduct Component Analysis to identify potential areas of risk from third-party and open-source software and hardware components.
Undertake threat modeling and periodic penetration testing using industry tools.
Maintain documentation and ensure understanding of OWASP Top 10 vulnerabilities.
Qualification
Required
Bachelor’s degree in Computer Science or 4 additional years of software development.
5+ years' experience with emphasis on application development, application security or related fields.
3+ years' experience in application security technologies with knowledge of application security threats. Experience with threat modeling, attack surface analysis, penetration testing, software vulnerability assessments, and an understanding of software security threat vectors.
Knowledge of Component Analysis using tools such as OWASP Dependency-Check, Bytesafe Dependency Checker, Patton, PHP Security Checker, etc.
Knowledge of Burp, Metasploit, and Nessus is a must.
Some experience with static and dynamic application security testing.
Required Certifications (at least one from this list): Certified Secure Software Lifecycle Professional (CSSLP) from ISC2, Certified Application Security Engineer (CASE) from EC-Council, GIAC Penetration Tester (GPEN) from SANS Institute, GIAC Web Application Penetration Tester (GWAPT) from SANS Institute, Certified Penetration Testing Professional (CPENT) from EC-Council, Secure Programming Certified Leader (S-CSPL) from SECO Institute.
Preferred
Experience as an application security engineer using a suite of tools used for Recon and Information Gathering (e.g. Nmap, NetCat, Spiders, OWASP Zed Attack Proxy).
Mapping and Discovery (e.g. Burp Suite with plug-ins)
Exploitation of top OWASP vulnerabilities such as SQL Injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF) attacks, etc. Experience with tools such as Metasploit, AppScan or WebInspect.
Threat modeling using PASTA methodology.
Knowledge of OWASP Best practices
Knowledge of OWASP Testing Guide 4.0
Knowledge of OWASP Code Review 2.0
Knowledge of Software Component Verification Standard (SCVS).
Web Application Hacking and Security (W|AHS) from EC-Council.
Certified Ethical Hacker (CEH) from EC-Council.
Certified Ethical Hacker Master (CEH-M) from EC-Council.
Qualified/Ethical Hacker Certification (Q/EH) from Security University.
Qualified/Security Analyst Penetration Tester (Q/PTL) from Security University.
GIAC Exploit Researcher and Advanced Penetration Tester (GXPN) from SANS Institute.
CompTIA Pentest+
Licensed Penetration Tester (L|PT) from EC-Council.
Project Management (PMP) certification.
Don't meet all the requirements? We encourage you to still apply if you think you are the right person to join our community. We are always interested in connecting with people inspired by our mission and values. If you aren’t hired for this position, your resume will remain available for the next year and might be considered for future openings. Note: You can update your resume as often as needed.
Benefits
Wellness discounts
Healthcare premium sharing
Employer funding in your HSA account
Company
EagleBank
EagleBank is a local community business bank with 13 branch offices in Maryland, Northern Virginia and Washington, DC.
H1B Sponsorship
EagleBank has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data powered by US Department of Labor)
[Chart: Distribution of Different Job Fields Receiving Sponsorship]
[Chart: Trends of Total Sponsorships: 2023 (1)]
Funding
Current Stage: Public Company
Total Funding: unknown
2016-07-26: Post-IPO Debt · Undisclosed
1998-07-31: IPO · nasdaq:EGBN
Company data provided by crunchbase