Application Security Engineer @ EagleBank | Jobright.ai
86 applicants

EagleBank · 6 days ago

Application Security Engineer

Banking, Financial Services
H1B Sponsorship
Hiring Manager
Amy D.

Responsibilities

Provide application security expertise throughout the Software Development LifeCycle (SDLC).
Manage and drive forward the Application Security Analytics practices.
Validate and test web applications to ensure compliance with SDLC Policy and industry best practices.
Conduct Component Analysis to identify potential areas of risk from third-party and open-source software and hardware components.
Undertake threat modeling and periodic penetration testing using industry tools.
Maintain documentation and ensure understanding of OWASP Top 10 vulnerabilities.

Qualification


Application Development, Application Security, Threat Modeling, Penetration Testing, Vulnerability Assessments, Software Security, Component Analysis, OWASP Dependency-Check, Bytesafe Dependency Checker, Patton, PHP Security Checker, BURP, MetaSploit, Nessus, Static Application Security Testing, Dynamic Application Security Testing, Certified Secure Software Lifecycle Professional (CSSLP), Certified Application Security Engineer (CASE), GIAC Penetration Tester (GPEN), GIAC Web Application Penetration Tester (GWAPT), Certified Penetration Testing Professional (CPENT), Secure Programming Certified Leader (S-CSPL), Recon, Information Gathering, Mapping, Exploitation, OWASP Best Practices, PASTA Methodology

Required

Bachelor’s degree in Computer Science or 4 additional years of software development.
5+ years' experience with emphasis on application development, application security or related fields.
3+ years' experience in application security technologies with knowledge of application security threats. Experience with threat modeling, attack surface analysis, penetration testing, software vulnerability assessments, and understanding of software security threat vectors.
Knowledge of Component Analysis using tools such as OWASP Dependency-Check, Bytesafe Dependency Checker, Patton, PHP Security Checker, etc.
Knowledge of BURP, MetaSploit, Nessus is a must.
Some experience with static and dynamic application security testing.
Required Certifications (at least one from this list): Certified Secure Software Lifecycle Professional (CSSLP) from ISC2, Certified Application Security Engineer (CASE) from EC-Council, GIAC Penetration Tester (GPEN) from SANS Institute, GIAC Web Application Penetration Tester (GWAPT) from SANS Institute, Certified Penetration Testing Professional (CPENT) from EC-Council, Secure Programming Certified Leader (S-CSPL) from SECO Institute.

Preferred

Experience as an application security engineer using a suite of tools used for Recon and Information Gathering (e.g. Nmap, NetCat, Spiders, OWASP Zed Attack Proxy).
Mapping and Discovery (e.g. Burp Suite with plug-ins)
Exploitation of top OWASP vulnerabilities such as SQL Injection, Cross-site Scripting (XSS), Cross-Site Request Forgery (CSRF) attacks, etc. Experience with tools such as MetaSploit, AppScan or WebInspect.
Threat modeling using PASTA methodology.
Knowledge of OWASP Best practices
Knowledge of OWASP Testing Guide 4.0
Knowledge of OWASP Code Review 2.0
Knowledge of Software Component Verification Standard (SCVS).
Web Application Hacking and Security (W|AHS) from EC-Council.
Certified Ethical Hacker (CEH) from EC-Council.
Certified Ethical Hacker Master (CEH-M) from EC-Council.
Qualified/ Ethical Hacker Certification (Q/EH) from Security University.
Qualified/ Security Analyst Penetration Tester (Q/PTL) from Security University.
GIAC Exploit Researcher and Advanced Penetration Tester (GXPN) from SANS Institute.
CompTIA Pentest+
Licensed Penetration Tester (L|PT) from EC-Council.
Project Management (PMP) certification.
Don't meet all the requirements? We encourage you to still apply if you think you are the right person to join our community. We are always interested in connecting with people inspired by our mission and values. If you aren’t hired for this position, your resume will remain available for the next year and might be considered for future openings. Note: You can update your resume as often as needed.

Benefits

Wellness discounts
Healthcare premium sharing
Employer funding in your HSA account

Company

EagleBank

EagleBank is a local community business bank with 13 branch offices in Maryland, Northern Virginia and Washington, DC.

H1B Sponsorship

EagleBank has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data Powered by US Department of Labor)
Charts (not reproduced): Distribution of Different Job Fields Receiving Sponsorship; Trends of Total Sponsorships, 2023 (1)

Funding

Current Stage: Public Company
Total Funding: unknown
2016-07-26: Post Ipo Debt · Undisclosed
1998-07-31: IPO · nasdaq:EGBN

Leadership Team

Susan Riel, President and Chief Executive Officer
Eric Newell, CFA, Chief Financial Officer, Eagle Bancorp
Company data provided by crunchbase
