Posted 1 week ago
Public Trust
Mid Level Career (5+ yrs experience)
$130,000 - $140,000
Engineering - Systems
Application Security Engineer
Location: Remote
Clearance: Public Trust
Employment Type: Full-time
Salary: 130k-140k
Company Description:
Big Impact Tech (BIT) is a Small Business providing IT and business management consulting to federal and commercial clients. We deliver mission-focused solutions in data, cloud, cybersecurity, and program management.
Role Overview:
The Application Security Engineer will support the secure development and testing of applications by leveraging specialized tools, implementing security controls, and ensuring compliance with federal standards. This role involves hands-on work with application security testing (SAST, DAST, IAST), vulnerability management, secure coding practices, and collaboration with development teams to protect enterprise web applications in a federal environment.
Responsibilities:
• Support Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and IDE Plug-in environments using Veracode and Burp Suite.
• Design and implement enterprise-wide security controls to secure applications, systems, networks, or infrastructure services.
• Secure enterprise web applications, with a focus on mitigating OWASP Top 10 risks and CWE, WASC, and SANS Top 25 vulnerabilities, and on CVSS scoring.
• Integrate security practices into development workflows using IDEs such as Eclipse, JDeveloper (including pipeline development), or Visual Studio.
• Perform application security testing and automation using tools such as OWASP ZAP, Burp Proxy, Selenium, and Interactive Application Security Testing (IAST) capabilities.
• Write and maintain bash scripts to support security automation, testing, and troubleshooting tasks.
• Participate in vulnerability discovery, triage, and remediation processes, including crowdsourced security programs via platforms like HackerOne.
• Work in Linux or UNIX environments, including navigating file systems and troubleshooting basic website connectivity and security issues.
• Ensure applications and security practices align with federal compliance standards, including NIST 800-53, FIPS, or FedRAMP.
Qualifications:
• 6+ years of Information Technology experience
• 3+ years of experience with supporting Static Application Security Testing (SAST)
• Experience with Interactive Application Security Testing (IAST) capabilities and tools
• Experience with HackerOne
• Experience with Selenium
• Experience with writing bash scripts
• Experience with OWASP ZAP or Burp Proxy
• Ability to obtain security clearance
• HS diploma or GED
Additional Required Experience:
• 3+ years of experience with supporting Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and IDE Plug-in environments using Veracode and Burp Suite
• 2+ years of experience with Java, Python, .NET, or C#
• 3+ years of experience with the design and implementation of enterprise-wide security controls to secure applications, systems, networks, or infrastructure services
• Experience with Eclipse, JDeveloper, including pipeline development, or Visual Studio
• Experience with securing enterprise web applications and OWASP Top 10, CVSS, CWE, WASC, and SANS-25
• Knowledge of federal compliance standards, including NIST 800-53, FIPS, or FedRAMP
• Knowledge of Linux or UNIX environments, including navigating file systems and troubleshooting basic website connectivity issues