Application Security Engineer

Company: ShorePoint Inc.

Location: Herndon, VA 20171

Description:

Who we are:

ShorePoint is a fast-growing, industry-recognized, and award-winning cybersecurity services firm with a focus on high-profile, high-threat, private and public-sector customers who demand experience and proven security models to protect their data. ShorePoint subscribes to a "work hard, play hard" mentality and celebrates individual and company successes. We are passionate about our mission and going above and beyond to deliver for our customers. We are equally passionate about an environment that supports creativity, accountability, diversity, inclusion, and a focus on giving back to our community.

The Perks:

As recognized members of the Cyber Elite, we work together in partnership to defend our nation's critical infrastructure while building meaningful and exciting career development opportunities in a culture tailored to individual technical and professional growth. We are committed to the belief that our team members do their best work when they are happy and well cared for. In support of this philosophy, we offer a comprehensive benefits package, including major carriers for health care providers. Highlighted benefits offered: 18 days of PTO, 11 holidays, 80% of insurance premium covered, 401k, continued education, certification maintenance and reimbursement, etc.

Who we're looking for:

We are seeking an Application Security Engineer with expertise in Veracode and a strong background in application security testing. You will play a key role in securing enterprise applications by identifying vulnerabilities, integrating security best practices, and ensuring compliance with federal security standards. The Application Security Engineer role will focus on performing SAST and DAST testing, collaborating with developers, and designing security controls. This is a unique opportunity to shape the growth, development, and culture of an exciting and fast-growing company in the cybersecurity market.

What you'll be doing:

  • Perform Static and Dynamic Application Security Testing (SAST & DAST) using Veracode to identify and remediate vulnerabilities.
  • Collaborate with development teams to integrate security best practices into IDE environments such as Eclipse, JDeveloper, or Visual Studio.
  • Conduct in-depth security assessments for enterprise applications, using tools like Burp Suite, OWASP ZAP, and Selenium to ensure secure coding practices.
  • Implement enterprise-wide security controls to protect applications, networks, and infrastructure services.
  • Ensure compliance with federal security standards, including NIST 800-53, FIPS, and FedRAMP.
  • Troubleshoot and secure Linux/UNIX environments, including addressing website connectivity and security issues.
  • Utilize security frameworks (e.g., OWASP Top 10, CVSS, CWE, WASC, SANS-25) to analyze and mitigate risks.
  • Support security automation by writing Bash scripts and developing security pipelines.


What you need to know:

  • Expertise in Veracode for SAST, DAST, and IDE Plug-in environments.
  • Programming skills in Java, Python, .NET, or C# for secure coding and remediation.
  • Experience conducting security assessments with Burp Suite, OWASP ZAP, and Selenium.
  • Proven ability to design and implement enterprise-wide security controls for applications, networks, and infrastructure.
  • Strong knowledge of federal security compliance standards, including NIST 800-53, FIPS, and FedRAMP.
  • Experience securing enterprise web applications using OWASP Top 10, CVSS, CWE, WASC, and SANS-25.
  • Familiarity with Linux/UNIX environments for troubleshooting and securing web applications.
  • Ability to automate security processes through Bash scripting and pipeline development.


Must-haves:

  • 6+ years of Information Technology experience.
  • 3+ years of experience supporting Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and IDE Plug-in environments using Veracode.
  • 3+ years of experience with Burp Suite.
  • 3+ years of experience designing and implementing enterprise-wide security controls to secure applications, systems, network, or infrastructure services.
  • 2+ years of experience with Java, Python, .NET, or C#.
  • Demonstrated ability to apply critical thinking in decomposing complex requirements into actionable tasks and processes.
  • Experience with Eclipse, JDeveloper or Visual Studio, including pipeline development.
  • Experience securing enterprise web applications and applying OWASP Top 10, CVSS, CWE, WASC, and SANS-25.
  • Knowledge of federal compliance standards, including NIST 800-53, FIPS, or FedRAMP.
  • Knowledge of Linux or UNIX environments, including navigating and troubleshooting basic website connectivity issues.
  • U.S. citizenship in compliance with federal contract requirements.


Beneficial to have the following:

  • Bachelor's degree in Cybersecurity, Computer Science, Information Systems, Mathematics, Engineering or a related field.
  • Industry-recognized certifications.
  • Experience with IAST (Interactive Application Security Testing) capabilities and tools.
  • Experience with Selenium for security testing.
  • Experience writing Bash scripts to automate security processes.
  • Experience with OWASP ZAP or Burp Proxy.


Where it's done:

  • Remote (Herndon, VA).
