Sr. Application Security Engineer
Job Summary:
This role focuses on comprehensive application security testing and vulnerability management across the software development lifecycle. It involves conducting automated and manual scans using tools like Invicti, Veracode, and Burp Suite to identify and remediate security flaws in application code and open-source components. The position requires strong collaboration with development and DevOps teams, secure coding expertise in languages such as Java and Python, and adherence to compliance frameworks including NIST, PCI-DSS, and SOX. The ideal candidate brings over five years of hands-on experience in application security, secure development practices, and automation within CI/CD environments.
To leverage deep expertise in application security testing, secure coding, and vulnerability management to enhance the security posture of enterprise applications. The goal is to proactively identify and remediate security risks, integrate security into DevOps workflows, and ensure compliance with industry standards, while fostering a collaborative environment that empowers development teams to build secure software from the ground up. Major Responsibilities:
Application Security Testing & Analysis:
- Conduct DAST scans using Invicti to identify vulnerabilities in applications.
- Conduct SAST scans using Veracode to identify vulnerabilities in source code.
- Conduct SCA scans using Veracode to identify vulnerabilities in open-source components.
- Compare SAST and DAST results to ensure comprehensive vulnerability coverage.
- Analyze scan results, identify root causes, and collaborate with developers to implement effective remediations.
- Work with CI/CD pipelines to integrate security testing into DevOps workflows.
- As-needed, conduct manual verification and secondary authenticated scans using Burp Suite to reduce false negatives.
- Understand and evaluate vulnerabilities in Java, .NET, Python, and other application codebases.
- Work with development teams to remediate security flaws in source code and follow secure coding practices.
- Provide guidance on OWASP Top 10 and SANS 25 vulnerabilities, including how they arise, how to exploit them, and how to prevent them.
- Able to perform scripting and coding in Java and Python as-needed for security engineering
- Ensure required DAST, SAST, and SCA release and periodic scanning is occurring and that scans and findings are addressed within SLA.
- Review and approve false positives and mitigated-by-design requests for DAST, SAST, and SCA
- Review and approve SDLC tasks (MME and SbD MUFG processes) for DAST, SAST, and SCA
- Maintain compliance with NIST, PCI-DSS, FFIEC, SOX, CIS security frameworks.
- Store and organize security artifacts in archives, following standardized documentation practices.
- Security Collaboration & Process Improvement:
- Work closely with developers, DevOps teams, and application owners to secure software at all stages of SDLC.
- Automate security scanning processes via scripting and improving reporting capabilities.
- Stay updated on the latest exploitation techniques, security research, and industry best practices.
- Bachelor's degree in Computer Science, Cybersecurity, or related field (or equivalent experience).
- Relevant security certifications (e.g., OSCP, OSWE, GWAPT, CEH) are highly desirable.
- 5+ years of experience in Application Security, Secure Development, DAST, and SAST.
- Hands-on experience with DAST tools such as Invicti (Netsparker), AppScan, Burp Suite, Acunetix.
- Experience with SAST tools like Veracode and Fortify.
- Experience with Burp Suite performing manual testing
- Strong knowledge of web security vulnerabilities (OWASP Top 10, SANS 25, MITRE ATT&CK).
- Software development experience in Java, .NET, Python, or similar languages. Ability to perform scripting for security engineering.
- Familiarity with secure software development life cycle (SSDLC) and CI/CD pipelines.
- Experience with cloud security (AWS, Azure, Oracle Cloud) is a plus.
- Scripting skills (Python, Bash, PowerShell) to automate security tasks.
- Strong ability to collaborate with developers and provide security guidance in a constructive manner.
- Excellent communication skills, including technical reporting and vulnerability documentation.
- Analytical mindset with a passion for improving software security and reducing risk exposure.
- Experience with EnCase
- Experience with reverse engineering malware
Recommended Jobs
Phone Sales
Phone Sales Location Remote in Raleigh, NC : Are you an enthusiastic, hard-working, and highly motivated sales closer looking to earn six-figures working from home for a top employer that is explodin…
Travel CT Tech in Winston-Salem, NC - $11599/month
We are seeking a dedicated Travel CT Tech to join our team in Winston-Salem, NC. This position offers a competitive rate of $11,599/month. Responsibilities Include Performing high-quality comput…
Plant Operations Manager - Battery Recycling
Manufacturing Operations Manager Greensboro, NC Position summary: This position serves as the Operational Manager at a manufacturing company. The Operational Manager will play a sig…
Environmental Health and Safety Manager (Manufacturing)
Job Description Job Description We are seeking an EHS Manager for our growing client in Fayetteville, NC This is a direct hire, permanent placement role that will be 100% onsite. We are see…
Elder Care Provider Wanted - Elder Care Provider Wanted In Raleigh, Nc Family Atmosphere
Hello! I am looking for an experienced elder care provider for my mother with mid stage dementia. She is mobile and has a great sense of humor, but has short term memory deficit. She now requires some…
Commercial Insurance Producer - Transportation
Job Description Job Description SMO is seeking a Commercial Insurance Producer to represent our our office in North Carolina and South Carolina. This a fully remote job for the right candidate. L…
Nanny
Get hired for Chinelo's nanny Job in Charlotte, NC. Looking for a Nanny for our new born Daughter. Find nanny care work in Charlotte.
Cabinet Engineer
Accentuate Staffing is assisting a well-established cabinetry manufacturer in the Eastern NC area that is seeking a Cabinet Engineer to join their team. This is a direct hire opportunity offering exce…
Class A CDL Driver
Job Description Job Description We are looking for experienced CDL drivers in the Greensboro, High Point and surrounding areas. Must have clean background and active CDL. Must be able to pass DOT…
Elite Sales Professionals
Job Description Job Description Elite Sales Professionals in Fayetteville NC Job Description: We are seeking compassionate and highly motivated Elite Sales Professionals to join our team in Fay…