The Application Security Engineer provides detailed analysis of web and
client/server application security for both in-house developed and COTS
solutions. The Application Security Engineer serves the needs of the
agency by validating security controls and technical approaches for
application security.
Additionally, the Application Security Engineer shall assess the existing
controls and recommend new solutions and policies to improve the agency's
security posture, act as a security subject matter expert on all projects
and initiatives, and work to improve end user cybersecurity
Essential Duties and Day to Day Operations:
• Develop security awareness, guidance, and socialization materials for
training internal application teams.
• Review and provide consulting for IT security team members as part
of security reviews and investigations.
• Monitor and investigate application security logs.
• Develop, implement, and improve application security logging, alerts,
and incident response capabilities.
• Work with cross-functional internal teams and assist with architecture,
threat modeling, and reviewing systems and infrastructure to identify
vulnerabilities and weaknesses in architecture.
• Make appropriate vulnerability remediation recommendations,
create socialization and technical analysis documentation, and
collaborate with teams to implement those recommendations.
• Conduct vulnerability research and analysis of emerging threats, best
practices, and architectural models for application architecture.
• Audit, validate, and track application architecture vulnerabilities
across the presentation, data management, and integration levels to
report and prioritize risk to the business.
• Perform application penetration testing to examine target systems in
detail, looking for vulnerabilities and weaknesses.
• Identify and implement application-level technical and process
vulnerability remediations and security improvements.
• Define and own metrics to determine effectiveness of security
• Apply comprehensive hardening to infrastructure platforms,
deployment code, and images.
• Architect, build, automate, and operate automated security
controls/tools and review capabilities to detect vulnerabilities across
all applications and services.
• Development of Web Applications and Dashboards using front-end
• Create and maintain Secure Software Development Life Cycle
(SDLC) and secure SDLC models documentation for application
• Review, create, and maintain the security requirements of an application
while it is in development.
• Define, maintain, and enforce application security policies,
standards, and procedures.
• Perform manual and automated code review of applications.
• Assess, track, and prioritize vulnerabilities in applications.
• Provide detailed analysis and mitigations based on assessments and
testing of applications.
• Prioritize remediation based on security ratings and the needs of the
• Create socialization and guidance materials for security standards.
• Lead application security event forensics and root cause analysis.
• Collaborate with incident coordinators and report findings to
management in real time.
• Perform IT security triage, scoping, containment, and mitigation
activities in coordination with application owners.
• Complete documentation of IT Security events.
Functional Abilities, Knowledge and Skills
• Be a champion for security culture and excellence, exercise risk-based judgement, and prioritize remediation work.
• Knowledge of IT control concepts such as zones of trust, zero trust,
and privileged access management.
• Ability to self-manage with limited oversight.
• Excellent written and oral communication skills.
• Excellent interpersonal skills.
• Excellent judgment and problem-solving skills.
• Strong Knowledge of OWASP Top 10.
• Strong knowledge of application threat modeling.
• Static application security testing and dynamic application security
• Ability to review and walk through code in real time for application
code and script review.
• Ability to troubleshoot modern identification and integration
Technical Abilities, Knowledge, and Skills
• Proficiency with application vulnerability scanning and penetration
testing tools such as Burp Suite, AppSpider, Kali, etc.
• Proficiency with scripting and coding languages including PowerShell
and Python, or similar, in a Windows environment.
Bachelor's degree in Computer Science, Application Development,
Cybersecurity, or a related field.
• Minimum three (3) to five (5) Years in Application, Web, and/or
• Minimum one (1) to two (2) years of work experience in an
Application Security function.
• Experience with integration systems including managed file
transfers, privileged access management and integration platforms
as a service.
• Experience with Oracle and Microsoft database environments.
• Experience working in virtualized and cloud environments.
• Experience with identity protection services such as Azure Identity
• Experience implementing Azure MFA integrations.
• Experience implementing modern authentication structures such as
SAML, OIDC, and OAuth.
• Experience with Solution as a service and other cloud model
• Experience with AWS and Azure environments, including log review,
analytics, and security services.
• Experience testing APIs and mitigating open API vulnerabilities.
• Experience in pen testing and the MITRE ATT&CK framework.
• Experience troubleshooting Application and Operating system
• Published work or contributions in related subject matter.
• Penetration testing, application forensics, and threat hunting
certifications are a plus.
• Certified Application Security Engineer (CASE) or equivalent
• One (1) to three (3) years of experience in a system/network security
functional position in Windows environments.
• Familiarity with Linux.
• Experience developing quantitative evaluation metrics through the
automation of analytics data collection and parsing.
• Experience with CIS and NIST controls and other frameworks for on-prem and cloud environments.
• Experience with Structured and Unstructured Data.
• Experience with Container platforms such as Docker.
• Experience with regular expressions, log analytics, and application log parsing.
Certificates: Security+, SSCP, or CySA+ certification
General Preferences: Experience in transit and operational technologies is a plus.
Why Work Here? Radiant Digital is committed to delivering innovative technology solutions. Our client-centric engagement model increases efficiency and effectiveness!
Great growth, Great projects, and Great people