Valiant Solutions
Senior Application Security Engineer
Valiant Solutions, Washington, District of Columbia 20036
Position Description Do you have experience with static code analysis tools and modern CI/CD pipelines? We’re looking for a Senior Application Security Engineer to help our client build their AppSec program. This new and exciting role will allow you to lead the design and implementation effort before pivoting to operations and continuous advancement. The Senior AppSec Engineer will be responsible for designing, implementing, and operating our client’s SAST “product,” with a SaaS tool being the foundation for the product. The successful candidate will have prior experience operating SAST tools, with preference given for Fortify SaaS experience. This role involves owning the design and leading the engineering of the product. That requires excellent communication, writing, and presentation skills. Our client’s environment is fast-paced. Regular video conferencing, email, and chat are required during core business hours. The AppSec program is in its infancy and will be rolled out enterprise-wide. Integration needs to take place with 60 FISMA systems of varying sizes. Valiant Solutions is a company that cares about its employees- we've been named one of the Best Places to Work in the Washington DC area TEN years in a row If you are interested in learning more about Valiant and this opportunity, we invite you to apply now This position allows for 100% remote work. Remote work necessitates a high-level trust in our employees and we strictly adhere to the details found below in our Remote Work Policy. Required Experience: 5 years of hands-on experience in SDLC software development, troubleshooting vulnerabilities, and implementing remediation practices. Ability to recommend remediation strategies to developers 5 years of experience working in enterprise cloud environments (e.g., AWS, Azure, Google Cloud) IaaS, PaaS and SaaS Bachelor’s degree in Computer Science, Information Systems, Engineering, or other related scientific or technical field, or at least 8 years of IT experience and no degree requirement 3 years as a senior engineer leading efforts in AppSec (SAST, SCA) and/or DevSecOps for developers/engineers 2 years of demonstrable experience in configuring SAST and SCA tools (e.g., Fortify, Snyk, Veracode) and leveraging AppSec concepts and principles 2 years of experience deploying or accessing AWS services, with demonstrable experience with AWS API automation 2 years of advanced-level CI/CD experience, including building and maintaining pipelines, automating AppSec tools, and integrating reporting mechanisms 5 years of fluency in one or more high-level programming languages (e.g., Python, Java, JavaScript) within an enterprise environment. Experience with source code management tools (e.g., GitHub, Bitbucket) 2 years supporting code scanning within the SDLC and modern CI/CD pipelines (e.g., GitHub Actions, Jenkins) 5 years of experience triaging and supporting developer requests for vulnerability investigation using tools like JIRA, GitHub, or ServiceNow 2 years of experience training users on AppSec tools usage and DevSecOps best practices Experience with SCRUM and/or SAFe (Scaled Agile Framework) methodologies in a development or operational environment Proven success in managing and excelling in ambiguous environments, demonstrating resilience and grit to drive results despite uncertain or evolving conditions. Must be a self-starter who can drive initiatives independently, establish structure, and provide clarity without requiring close supervision or hand-holding in dynamic or less-defined settings Preferred Qualifications: AWS Certifications Software Provenance & Supply Chain Security: 2 years of experience with software provenance, following Supply-chain Levels for Software Artifacts (SLSA), and working with code signing practices Experience using quality gates to ensure software meets release thresholds Responsibilities: Design and implement the client’s AppSec program, including tool deployment and configuration. Integrate SAST tools into customer deployment pipelines Develop all relevant documentation, including diagrams and concept of operations (CONOPS) Create compliance documentation and collaborate with the Product Manager (PM) to ensure system adherence Actively own and deliver assigned on-boarding applications through assessment, training, configuration and tuning phases Act as a technical liaison between the product team and consumers Present solutions to technical teams and client leadership. Troubleshoot SAST tool-related issues and code vulnerabilities, recommending code solutions as needed About Valiant Solutions Valiant Solutions is a security-focused IT solutions provider with public clients nationwide. We are a HUBZone small business and we encourage all candidates who live in a HUBZone to apply. Named one of the fastest growing privately held companies by Inc. 5000, Washington Technology’s Fast 50, and Washington Business Journal’s Best Places to Work in the D.C. area, Valiant Solutions prides itself on providing its employees with great benefits and career development opportunities. As a company, we are just as committed to growing careers as we are to building world-class IT solutions, all while enjoying an unparalleled work-life balance. We are in a phase of tremendous growth and building the team that will take us to the next level. We seek people whose talents and accomplishments will contribute to a thriving company, who have the character to support their capacity, and can make a positive impact on our culture. Alongside our talented team, you’ll learn to think quickly on your feet and expand your own personal and professional skill set. Our management team will inspire you to consider new perspectives and challenge you to become a better practitioner in the fast-paced industry of IT security. We hire people we respect – and we trust them to deliver results leveraging their expertise. If you would enjoy working in a dynamic environment as part of a stellar team of professionals, then we invite you to apply online today. Benefits Snapshot (includes, but not limited to) Valiant pays 99% of the Medical, Dental, and Vision Coverage for Full-time Employees Valiant contributes 25% towards Health Coverage for Family and Dependents 100% Paid Short Term Disability and Life Insurance Policy for Full-time Employees 100% Paid Certifications 401K Matching up to 4% Paid Time Off Paid Federal Holidays Paid Time On – 40 hours to pursue innovation Valiant University – Online Education and Training Portal Wellness & Fitness Program Reimbursement for Public Transit and Parking FSA programs for: Medical Costs, Dependent Care, Transit, and Parking Referral Bonuses The salary range for this position is a general guideline and not a guarantee of compensation or salary. It has been benchmarked in relation to the scope of the role, market rate, and internal equity. The salary for this role is expected to be in the $145,100 - $155,500 range. Where a candidate falls within the band can be determined based on one or more of the following: skillset, experience level, achievements, education, geographic location, security clearance, involvement in corporate tasks, and other non-discriminatory factors. In addition to the base salary, this role will include benefits as described above. Valiant reserves the right to adjust the salary range, experience requirements, and position responsibilities at any time without prior notice. Remote Work Policy Remote work necessitates a high level of trust in our employees. To ensure that employee performance does not suffer in a remote work environment, all employees who telecommute are expected to have a quiet and distraction-free workspace with adequate internet, dedicate their full attention and availability to their job duties during working hours, and maintain a schedule during core business hours that align with those of their coworkers and Valiant's clients. In alignment with Valiant's inclusive and engaging environment, cameras are encouraged and can be required to be on during virtual video conferences. Additionally, in alignment with the Office of the Inspector General’s effort to eliminate conflicting employment, all Valiant employees are required to disclose any current or future outside employment engagements. During onboarding and throughout employment, employees must disclose any current activities or intent to engage in outside employment or other professional activities and obtain written approval. Employees may not solicit or conduct any outside business during core business hours for Valiant Solutions and our clients. Equal Employment Opportunity Valiant Solutions is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, ethnicity, color, national origin, sex (including pregnancy, sex stereotyping, gender identity, gender expression or transgender status), religion, age, marital status, sexual orientation, military/veteran status, physical or mental disability, genetic information/history or any other personal characteristic protected by law. Physical Demands Sitting or standing at a desk for prolonged periods of time and consistent operation of a computer. Frequent communication and exchanging of accurate information via electronic communication, phones, and in person. Occasionally lift and/or move moderate amounts of weight, typically less than 20 pounds. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of the job. Authorization to Share Resume and Personal Information By submitting your resume for this position, you authorize Valiant Solutions to share your resume, as well as, personal information included on the resume, with its subsidiaries, affiliates and teaming partners for the purpose of considering you for this position and other available positions requiring comparable skills, education and experience. Should Valiant Solutions or its affiliates and teaming partners wish to initiate pre-employment discussions, you will be asked to complete an employment application and related employment documents.