
Applications Security Engineer

Radiant Digital, Hampton, VA
  • Posted: over a month ago
  • Full-Time
  • Benefits: medical, 401k, dental
Job Description

 

Description:

The Applications Security Engineer provides detailed analysis of web and client/server application security for development and COTS solutions. The Application Security Engineer serves the needs of the agency by validating security controls and technical approaches for application security.

Additionally, the Application Security Engineer shall assess the existing controls and recommend new solutions and policies to improve the agency's security posture, act as a security subject matter expert on all projects and initiatives, and work to improve end user cybersecurity awareness.

Essential Duties and Responsibilities

Day to Day Operations:

• Develop security awareness, guidance, and socialization materials for training internal applications teams.
• Review and provide consulting for IT security team members as part of security reviews and investigations.
• Monitor and investigate application security logs.
• Develop, implement, and improve application security logging, alerts, and incident response capabilities.
• Work with cross-functional internal teams and assist with architecture, threat modeling, and reviewing systems and infrastructure to identify vulnerabilities and weaknesses in architecture.
• Make appropriate vulnerability remediation recommendations, create socialization and technical analysis documentation, and collaborate with teams to implement those recommendations.
• Conduct vulnerability research and analysis for emerging threats, best practices, and architectural models for application architecture and dependencies.
• Audit, validate, and track application architecture vulnerabilities across presentation, data management, and integration levels to report and prioritize risk to businesses.
• Perform application penetration testing to examine target systems in detail, looking for vulnerabilities and weaknesses.
• Identify and implement application-level security technical and process vulnerability remediations and improvements.
• Define and own metrics to determine effectiveness of security controls.
• Apply comprehensive hardening to infrastructure platforms, deployment code, and images.
• Architect, build, automate, and operate automated security controls/tools and review capabilities to detect vulnerabilities across all applications and services.

 

Structured Functions:

• Development of Web Applications and Dashboards using front-end languages, such as HTML, Java, JavaScript, PHP, .NET, SQL, etc.
• Create and maintain Secure Software Development Life Cycle (SDLC) and secure SDLC models documentation for application development teams.
• Review, create, and maintain security requirements of an application while in development.
• Define, maintain, and enforce application security policies, standards, and procedures.
• Perform manual and automated code review of applications.
• Assess, track, and prioritize vulnerabilities of applications.
• Provide detailed analysis and mitigations based on assessments and testing of applications.
• Prioritize remediation based on security ratings and the needs of the business.
• Create socialization and guidance materials for security standards.

Incident Response:

• Lead Application Security Event Forensic Root Cause Analysis.
• Collaborate with incident coordinators and report findings to management in real time.
• Perform IT Security Triage, Scoping, Containment, and Mitigation activities in coordination with application owners.
• Complete documentation of IT Security events.

 

Requirements:

Functional Abilities, Knowledge and Skills

• Be a champion for security culture and excellence, exercise risk-based judgement, and prioritize remediation work.
• Knowledge of IT control concepts such as zones of trust, zero trust, and privileged access management.
• Ability to self-manage with limited oversight.
• Excellent written and oral communication skills.
• Excellent interpersonal skills.
• Excellent judgment and problem-solving skills.
• Strong knowledge of OWASP Top 10.
• Strong knowledge of application threat modeling.
• Static application security testing and dynamic application security testing.
• Ability to review and walk through code in real time for application code and script review.
• Ability to troubleshoot modern identification and integration services implementations.

Technical Abilities, Knowledge, and Skills

• Proficiency with application vulnerability scanning and penetration tools such as Burp Suite, AppSpider, Kali, etc.
• Proficiency with scripting and coding languages including PowerShell and Python, or similar, in a Windows environment.

 

Education:

Bachelor’s degree in Computer Science, Application Development, Cyber Security, or related field.

Experience

• Minimum three (3) to five (5) years in Application, Web, and/or Database Management.
• Minimum one (1) to two (2) years of work experience in an Application Security function.
• Experience with integration systems including managed file transfers, privileged access management, and integration platforms as a service.
• Experience with Oracle and Microsoft Database environments.
• Experience working in virtualized and cloud environments.
• Experience with identity protection services such as Azure Identity Protection Services.
• Experience implementing Azure MFA integrations.
• Experience with implementing modern authentication structures such as SAML, OIDC, and OAuth.
• Experience with Solution as a service and other cloud model architecture.
• Experience with AWS and Azure environments including log review, analytics, and security services.
• Experience testing APIs and mitigating open API vulnerabilities.
• Experience in pen testing and the MITRE ATT&CK framework.
• Experience troubleshooting application and operating system interactions.

Preferred Experience

• Published work or contributions in related subject matter.
• Penetration testing, application forensic, and threat hunting certifications are a plus.
• Certified Application Security Engineer (CASE) or equivalent certification preferred.
• One (1) to three (3) years of experience in a system/network security functional position in Windows environments.
• Familiarity with Linux.
• Experience developing quantitative evaluation metrics through the automation of analytics data collection and parsing.
• Experience with CIS, NIST, controls and other frameworks for on-prem and cloud environments.
• Experience with structured and unstructured data.
• Experience with container platforms such as Docker.
• Experience with regex, log analytics, and application log parsing.

Certificates: Security+, SSCP, or CySA+ certification.

General Preferences: Experience in Transit and Operational Technologies a plus.

Company Description
Radiant Digital is committed to delivering innovative technology solutions. Our client-centric engagement model increases efficiency and effectiveness!

Radiant Digital

Why Work Here?

Great growth, Great projects, and Great people

Address

Hampton, VA
USA
