Application Security Engineer (Remote)

NetCentric Technology is seeking an Application Security Engineer with excellent collaboration skills to support a Cybersecurity Support Services (CSSS) contract with the Department of Defense (DoD).
This role ensures that adequate and effective security processes, controls, and lifecycles are followed and aligned to deliver application security best practices and frameworks. The Application Security Engineer supports the information security and compliance program, establishing appropriate assessments, managing, and tracking risk mitigation and remediation activities.

• Collaborate with development teams to shift security left in the software development life cycle, ensuring that security is integrated throughout the development process
• Support the Fortify SSC platform and other SAST, DAST, OAST, IAST, and RAST tools by providing information security engineering for cybersecurity application tools (installation, configuring, monitoring)
• Create and maintain SOPs, TTPs, checklists, etc., to address software vulnerabilities
• Coordinate and maintain vulnerability management, testing, and infrastructure compliance
• Support Cybersecurity reviews, including generation of security artifacts, such as security plans, POA&M, and security CONOPS
• Prepare and present weekly and monthly presentation statuses and facilitate AppSec cross-division meetings
• Ensure AppSec tools’ system availability, functionality, and system configuration including DoD STIG implementation, compliance, and remediation

ASRC Federal Advantages

• Employee Resource Groups: That provide our employees the opportunity to collaborate and network with colleges with common interests, backgrounds, and experiences including Women's Impact Network (WIN), Multicultural ERG, Military Community (MILCOM), and Pride ERG for LGBTQ+ employees and allies.
• Learning and Development: After 90 days of employment, regular full-time employees can get reimbursed up to $5,250 annually to go towards Associate’s, Bachelor’s or Graduate Degrees; Industry standard professional certification; A professional certificate program; Continuing education classes; and Registration fees to attend professional conferences.
• Benefits: Comprehensive insurance packages including medical, dental, vision, life insurance, and short term/long term disability, as well as a 401K with generous company match and immediate vesting.
• Purpose Driven Careers: Certified Great Place to Work™; Certified Military Times' 'Best for Vets' and Military.com ‘Top 25 Veteran Employer.’

#broadleaf
Qualifications

• Must be able to support a Pacific Time schedule
• Experience in application development is a plus
• Active Secret Clearance
• Bachelor’s degree in computer science, related field or equivalent experience
• 5+ years of application security experience, such as the management and operations of Static, Dynamic, open-source, and web vulnerability scanning, and/or manual review of source code for vulnerabilities
• Demonstrate and maintain knowledge to meet DOD 8140 requirements through education, training, or personnel certification such as but not limited to an active DoD 8570 IA baseline security certification

Skills

• Excellent written communication skills
• Demonstrated experience in developing, documenting, and maintaining security applications/tools and procedures/standards
• Experience with the Risk Management Framework (RMF) including NIST 800-53
• In-depth knowledge of security vulnerabilities, attack vectors, mitigation techniques, and best practices
• Fluent with security testing with SAST, DAST, IAST, and other methodologies, experience with Sonatype, Fortify, WebInspect, or Burp Suite or comparable tools
• Ability to clearly and effectively communicate concerns and issues to technical and non-technical stakeholders

Equal Opportunity Employer Minorities/Women/Protected Veterans/Disabled