GuidePoint SecurityRemote
Senior Application Security Engineer - Mid-Atlantic region (Remote in VA, MD, PA, NC, DE, NJ, or DC)
United States of America
Full Time
1 day ago
No H1B
Key skills
Static Application Security Testing (SAST)SemgrepSnykCodeQLCheckmarxVeracodeContinuous Integration / Continuous Delivery (CI/CD)GitHub ActionsGitLab RunnersAzure DevOpsJenkinsCircleCIFull Stack Software DevelopmentScriptingOWASP Top 10Threat ModelingSecure Coding PracticesSoftware Development Lifecycle (SDLC)Custom SAST RulesInteractive Application Security Testing (IAST)Dynamic Application Security Testing (DAST)API SecuritySoftware Composition Analysis (SCA)NoNameTraceableSaltCequenceBurp SuiteSecure Development LifecycleVulnerability Triage and RemediationAzureGitHubGitLabSDLCCI/CDCommunicationOWASP
About this role
GuidePoint Security provides trusted cybersecurity expertise and solutions to help organizations manage risk. They are seeking a Senior Application Security Engineer to implement and troubleshoot application security tools, integrate security into the development process, and ensure secure coding practices throughout the software development lifecycle.
Responsibilities:
- Proficiency with the implementation, operationalization, and troubleshooting of Static Application Security Testing (SAST) tools such as Semgrep, Snyk, CodeQL, Checkmarx, Veracode, etc
- Understanding of Continuous Integration / Continuous Delivery (CI/CD) pipeline tools and processes (e.g. GitHub Actions, GitLab Runners, Azure DevOps, Jenkins, CircleCI, etc.)
- Experience in software engineering, ideally full stack software development, including modern technologies and application architectures
- Strong scripting and automation experience using one or more programming languages
- Solid working knowledge of application security fundamentals including the OWASP Top 10, threat modeling, and implementing secure coding practices throughout the Software Development Lifecycle (SDLC)
- Excellent written and verbal communication skills
- Experience writing or adapting custom SAST rules (Semgrep or CodeQL)
- Familiarity with additional Application Security tools (e.g. Interactive (IAST), Dynamic (DAST) and API security, SCA, etc.)
- Familiarity with API Security tools (e.g., NoName, Traceable, Salt, Cequence)
- Practical hands-on experience validating vulnerabilities and proficiency with Burp Suite
- Strong working knowledge of Secure Development Lifecycles and experience triaging and remediating technical vulnerabilities identified by web application scanning tools
- Understanding of automated security testing approaches and tools
- Experience in building and operating security tools within CI/CD pipelines
- Experience with proactive integration of security into the development process
- Past experience as an application security practitioner or software engineer
Requirements:
- Proficiency with the implementation, operationalization, and troubleshooting of Static Application Security Testing (SAST) tools such as Semgrep, Snyk, CodeQL, Checkmarx, Veracode, etc
- Understanding of Continuous Integration / Continuous Delivery (CI/CD) pipeline tools and processes (e.g. GitHub Actions, GitLab Runners, Azure DevOps, Jenkins, CircleCI, etc.)
- Experience in software engineering, ideally full stack software development, including modern technologies and application architectures
- Strong scripting and automation experience using one or more programming languages
- Solid working knowledge of application security fundamentals including the OWASP Top 10, threat modeling, and implementing secure coding practices throughout the Software Development Lifecycle (SDLC)
- Excellent written and verbal communication skills
- Bachelor's degree in a relevant discipline or equivalent experience
- 5-7 years of security engineering experience in the Information Security industry
- Experience writing or adapting custom SAST rules (Semgrep or CodeQL)
- Familiarity with additional Application Security tools (e.g. Interactive (IAST), Dynamic (DAST) and API security, SCA, etc.)
- Familiarity with API Security tools (e.g., NoName, Traceable, Salt, Cequence)
- Practical hands-on experience validating vulnerabilities and proficiency with Burp Suite
- Strong working knowledge of Secure Development Lifecycles and experience triaging and remediating technical vulnerabilities identified by web application scanning tools
- Understanding of automated security testing approaches and tools
- Experience in building and operating security tools within CI/CD pipelines
- Experience with proactive integration of security into the development process
- Past experience as an application security practitioner or software engineer