Senior Application Security Engineer

Position Summary:

GSC is a leading cyber security and information technology company based in Washington, DC. We are looking to hire a Senior Security Application Engineer to support a full range of cyber security services on a long-term contract in Washington DC. The position is full-time/permanent and will support a US Government civilian agency. The position is available immediately upon finding a qualified candidate with the appropriate background and security clearance.

Job Requirements:

• Strong written and verbal communication skills
• Must have GitLab CI/CD pipeline experience
• Assist in the development and implementation of the DevSecOps strategy to include the definition and goals of the over-arching framework and methodologies
• Assist customers with implementing a secure CI/CD pipeline utilizing DevSecOps principles and practices to increase automation and reduce human involvement in the process
• Reviewing source code for potential security vulnerabilities
• Strong analytical skills to assess risks and vulnerabilities in complex systems
• Writing security test cases to check for vulnerabilities or broken/missing security controls.
• Implement automated security controls as part of CI/CD pipelines
• Support development teams with secure code (DAST, SAST, Dependency, Secret Detection, Container scans, etc.) reviews and other assessments to identify security weaknesses and vulnerabilities
• Establish and maintain secure coding standards and best practices to provide guidance and training to development teams on security best practices
• Recommend cyber defense and vulnerability assessment tools
• Review and research monthly continuous monitoring controls documentation tasks that is required by OIS
• Continuous Process Improvement, actively contribute to the development of standardized operating procedures (SOPs) for API security testing
• Collaborate closely with cross-functional teams, including system administrators and Information System Security Officers (ISSOs)

Security Clearance Requirement:

• Active Public Trust and eligible to obtain a Secret clearance

Certifications/Licenses:

• At least Ten (10) years of experience working in cybersecurity or information technology with a bachelor’s degree. Minimum of 5 years’ experience in vulnerability management, application and software security team, Malware analysis, digital forensics, data/network analysis, penetration testing, information assurance, leading incident handling
• Solid experience in application security and software development in one or more programming languages such as C#, Java, Python, etc
• Experience with security tools such as SAST, DAST, IAST, SCA and other security tools
• Familiarity with industry-standard security frameworks such as OWASP, NIST, BSIMM etc
• Experience with CICD pipeline, security tools integration and secure SDLC

• Knowledge of current and emerging threats and techniques for exploiting security vulnerabilities
• CISSP, OSCP, any DevSecOps or other related Information Security certification
• Experience with cloud-based infrastructure (AWS, Azure, or GCP)