Senior Application Security Engineer

Position Summary: 

GSC is a leading cyber security and information technology company based in Washington, DC. We are looking to hire a Senior Application Security Engineer to support a full range of cyber security services on a long-term contract in Washington, DC. The position is full-time/permanent and will support a US Government civilian agency. The position is available immediately upon finding a qualified candidate with the appropriate background and security clearance.

Job Requirements: 

  • Strong written and verbal communication skills 
  • Must have GitLab CI/CD pipeline experience 
  • Assist in the development and implementation of the DevSecOps strategy to include the definition and goals of the over-arching framework and methodologies 
  • Assist customers with implementing a secure CI/CD pipeline utilizing DevSecOps principles and practices to increase automation and reduce human involvement in the process 
  • Review source code for potential security vulnerabilities
  • Strong analytical skills to assess risks and vulnerabilities in complex systems 
  • Write security test cases to check for vulnerabilities or broken/missing security controls
  • Implement automated security controls as part of CI/CD pipelines 
  • Support development teams with secure code reviews (DAST, SAST, dependency, secret detection, container scans, etc.) and other assessments to identify security weaknesses and vulnerabilities
  • Establish and maintain secure coding standards and best practices to provide guidance and training to development teams on security best practices 
  • Recommend cyber defense and vulnerability assessment tools 
  • Review and research the monthly continuous monitoring controls documentation tasks that are required by OIS
  • Continuous process improvement: actively contribute to the development of standardized operating procedures (SOPs) for API security testing
  • Collaborate closely with cross-functional teams, including system administrators and Information System Security Officers (ISSOs) 

Security Clearance Requirement: 

  • Active Public Trust and eligible to obtain a Secret clearance 

Required Qualifications: 

  • At least ten (10) years of experience working in cybersecurity or information technology with a bachelor’s degree. Minimum of 5 years’ experience in vulnerability management, application and software security team, malware analysis, digital forensics, data/network analysis, penetration testing, information assurance, leading incident handling.
  • Solid experience in application security and software development in one or more programming languages such as C#, Java, Python, etc. 
  • Experience with SAST, DAST, IAST, SCA, IaC and other security tools.
  • Familiarity with industry-standard security frameworks such as OWASP, NIST, BSIMM, etc.
  • Experience with CI/CD pipelines, security tools integration and secure SDLC.
  • Knowledge of current and emerging threats and techniques for exploiting security vulnerabilities. 
  • CISSP, OSCP, any DevSecOps or other related Information Security certification. 
  • Experience with cloud-based infrastructure (AWS, Azure, GCP or OCI). 
Job Category: Information Technology (IT) and Cybersecurity.
Hybrid: Hybrid
Washington DC: Washington DC-Baltimore Area
