Application Security Engineer

14 Feb 2025

Vacancy expired!

Job Title: Application Security Engineer
Job Location: Baltimore, MD
Position Description:

  • Perform city-wide web application vulnerability scanning.
  • Prioritize the results, perform code reviews and work with the development teams on best practices to remediate.
  • Track remediations to completion.
  • Build strong relationships with the development teams and work with them to integrate secure coding practices into the development lifecycle.
  • Identify patterns of findings, then develop and provide training to the city's developers based on the findings and the OWASP Top 10.
  • Schedule penetration testing against selected externally facing systems and be the interface between our 3rd party penetration test vendors and the application owner.
  • Track all pen test findings to completion.
  • Maintain web application inventory.
  • Respond to notifications and alerts of potential threats to reprioritize vulnerability mitigations when necessary.
  • Provide expertise to developers who request support with secure coding best practices.
  • Monitor the progress of vulnerability remediation activities and provide metrics and regular status updates.
Education and Experience:
  • Bachelor's Degree or equivalent in computer engineering/science or a related technical field.
  • 2+ years of relevant industry experience in software development and application security.
Skills Requirements:
  • Demonstrable coding experience in one or more general-purpose languages (Java, .NET, Python, C#, NodeJS).
  • Experience in Web Application Firewall deployment and operation.
  • Experience with attacks and mitigation methods; web application and browser security; security assessments and penetration testing.
  • Understanding of information security Risk Management Framework (RMF) methodologies.
  • Previous experience working with tools such as Kali Linux, Metasploit, Wireshark, nmap, Tenable.io, Rapid7 InsightVM, Qualys, or equivalent toolsets.
  • Basic understanding of data integrity failures and what questions to ask as data is serialized and reconstructed.
  • Solid understanding of security fundamentals and information security control frameworks.
  • Excellent team player, self-confident, motivated, and independent, capable of working with little to no instruction.
  • Ability to multi-task and work in a fast-paced environment.
  • Attention to detail and proven problem-solving skills.
  • Demonstrated communication and presentation skills (verbal and written).
Preferred Qualifications:
  • Relevant certifications (OSCP, CEH, CSSLP, CASE, GWEB, etc.).
  • Understanding of the Azure DevOps pipeline and how to keep it secure.
  • Experience creating and delivering briefing materials.

  • ID: #49198513
  • State: Maryland Baltimore 21212 Baltimore USA
  • City: Baltimore
  • Salary: USD TBD TBD
  • Job type: Contract
  • Showed: 2023-02-14
  • Deadline: 2023-04-14
  • Category: Et cetera