Apply on Employer Site

Steampunk, Inc. · 18 hours ago

Application Security Engineer

McLean, VA

Full-time

Onsite

Mid, Senior Level

$100K/yr - $155K/yr

3+ years exp

Steampunk, Inc. is a Change Agent in the Federal contracting industry, focusing on innovative solutions in various sectors. The role of Web Application Security Engineer involves providing technical expertise to remediate vulnerabilities and enhance the security posture of enterprise applications through collaboration and proactive solutions.

ConsultingInformation Technology

Growth Opportunities

No H1B

Security Clearance Required

U.S. Citizen Only

Responsibilities

Provide subject matter expertise for various risk assessments, working in an Agile environment with an understanding of the full software development lifecycle

Advocate for and ensure appropriate security practices are communicated and implemented within application development portfolios

Ability and proven experience in securing multiple areas of an enterprise application stack, including the OS, Database, Application Server, Load Balancer, and Web Server layers. Understanding how PKI/TLS certificates work is a must

Integrate with both the application development and security assurance divisions to ensure vulnerability findings are understood, remediated or baselined as appropriate

Document & Socialize security findings and remediation solutions in an enterprise knowledge base

Support the Information Assurance Branch and the SOC with scan analysis and partner with development teams to understand and remediate security findings

Qualification

Application SecurityVulnerability ManagementAWSAzure GovCloudsPythonPKI/TLSSecurity CertificationsOperating System SecurityDynamic Application Security TestingAgile EnvironmentMavenGITJenkinsAnsibleJavaC#/.NETApache TomcatOracleMSSQLSERVERPostGresJIRAService NowDocumentationTeam Collaboration

Required

Ability to obtain a U.S. government Security Clearance

Master's Degree and 3 years of relevant experience; OR Bachelor's Degree and 5 years of relevant experience; OR No degree and 9 years of relevant experience

Possesses at least one professional certification relevant to the technical service provided. Maintain a certification relevant to the product being deployed and/or maintained

Preferred

Former Developer or Systems Administrator experience

Working knowledge of technologies used for building and deploying enterprise applications, such as, Maven, Grade, GIT, Jenkins, Ansible, Java, C#/.NET, Apache Tomcat, Apache HTTP Server, IIS, F5, Oracle, MSSQLSERVER, PostGres

Working knowledge and experience in AWS and Azure GovClouds

Ability to analyze DISA STIG audit compliance scan results and provide recommendations for resolution

Analyze security environment, provide recommendations

Working knowledge of JIRA, Service Now or equivalent

Working knowledge of operating system and dynamic application security testing scan tools – Invicti, Web Inspect, DAST/IAST suites

Experience using Python to automate tasks

CEH, GFACT, GPEN, OSCP or other relevant industry certifications

Other Application based Technology specific certifications

Company

Steampunk, Inc.

Glassdoor4.4

Steampunk is anchored by a startup culture with a customer-centered delivery approach, we put our Federal government clients in the center of everything we design, develop, and deliver to drive high-quality mission impacts and user experiences at speed.

Founded in 2019

Washington, District of Columbia, USA

201-500 employees