Scout Solutions Inc Defunct
Application Security Engineer - TS/SCI
Scout Solutions Inc Defunct, Bethesda, Maryland, us, 20811
Application Security Engineer - TS/SCILocation:
Bethesda, MD (Hybrid)Security Clearance:
TS/SCI clearance with the ability to obtain and maintain TS/SCI with PolygraphOur Client is seeking a dedicated
Application Security Engineer
to join our team in support of the Defense Intelligence Agency's National Media Exploitation Center (DIA-NMEC) under our 10-year DOMEX Technology Platform (DTP) contract. As a Mid-Level Application Security Engineer, you will play a crucial role in enhancing the security posture of our software development lifecycle. We are looking for individuals who thrive in dynamic, fast-paced environments and possess a strong aptitude for cross-functional collaboration across various stages of development, production, and quality assurance.
Responsibilities:
Integrate security best practices into the software development life cycle (SDLC) and ensure security is embedded from design to deployment.Utilize Microfocus Fortify and other SAST tools to analyze source code for vulnerabilities.Work closely with development teams to remediate identified security issues.Implement and manage Black Duck SCA tools from Synopsys to identify and manage open-source component risks.Provide guidance on secure usage of third-party libraries and components.Conduct security assessments using Microfocus WebInspect and other DAST tools.Collaborate with development teams to address and remediate dynamic security findings.Implement and manage container security tools, with a focus on Anchore, to ensure secure container deployments.Provide recommendations for secure container orchestration.Work on ensuring systems and applications comply with Security Technical Implementation GuideMinimum Requirements:
Bachelor's degree in computer science, Information Security, or related field and 3+ years of prior experience in application security with a focus on SAST, SCA, DAST or Master's with 1-2 years of prior experience in application security with a focus on SAST, SCA, DASTMust possess TS/SCI clearance with the ability to obtain and maintain TS/SCI with Polygraph.Experience in system integrations testing through a full system development life cycle, including implementing test plans, test cases and test processes.Strong experience with Microfocus Fortify, Black Duck, Microfocus WebInspect, Anchore, or similar products.Knowledge of secure coding practices and integration into SDLCFamiliarity with common security frameworks and standardsStrong programming/scripting skillsExcellent communication and collaboration skillsWorking in an Agile project management environmentEnthusiastic with the ability to work well on a team and a self-starter who can work on their own.Preferred Qualifications:
Knowledge of Atlassian software such as JIRA, JIRA Service Desk, and ConfluenceExperience with data engineering tools such as Kubernetes/Rancher, ClouderaExperience with Configuration Management and IaC tools such as Salt or AnsibleExperience with scripting languages, CI/CD tools, Elasticsearch, or GitlabExperience working in an air-gapped environmentsExperience working in large computing environments (> 1,000 end-points)
Bethesda, MD (Hybrid)Security Clearance:
TS/SCI clearance with the ability to obtain and maintain TS/SCI with PolygraphOur Client is seeking a dedicated
Application Security Engineer
to join our team in support of the Defense Intelligence Agency's National Media Exploitation Center (DIA-NMEC) under our 10-year DOMEX Technology Platform (DTP) contract. As a Mid-Level Application Security Engineer, you will play a crucial role in enhancing the security posture of our software development lifecycle. We are looking for individuals who thrive in dynamic, fast-paced environments and possess a strong aptitude for cross-functional collaboration across various stages of development, production, and quality assurance.
Responsibilities:
Integrate security best practices into the software development life cycle (SDLC) and ensure security is embedded from design to deployment.Utilize Microfocus Fortify and other SAST tools to analyze source code for vulnerabilities.Work closely with development teams to remediate identified security issues.Implement and manage Black Duck SCA tools from Synopsys to identify and manage open-source component risks.Provide guidance on secure usage of third-party libraries and components.Conduct security assessments using Microfocus WebInspect and other DAST tools.Collaborate with development teams to address and remediate dynamic security findings.Implement and manage container security tools, with a focus on Anchore, to ensure secure container deployments.Provide recommendations for secure container orchestration.Work on ensuring systems and applications comply with Security Technical Implementation GuideMinimum Requirements:
Bachelor's degree in computer science, Information Security, or related field and 3+ years of prior experience in application security with a focus on SAST, SCA, DAST or Master's with 1-2 years of prior experience in application security with a focus on SAST, SCA, DASTMust possess TS/SCI clearance with the ability to obtain and maintain TS/SCI with Polygraph.Experience in system integrations testing through a full system development life cycle, including implementing test plans, test cases and test processes.Strong experience with Microfocus Fortify, Black Duck, Microfocus WebInspect, Anchore, or similar products.Knowledge of secure coding practices and integration into SDLCFamiliarity with common security frameworks and standardsStrong programming/scripting skillsExcellent communication and collaboration skillsWorking in an Agile project management environmentEnthusiastic with the ability to work well on a team and a self-starter who can work on their own.Preferred Qualifications:
Knowledge of Atlassian software such as JIRA, JIRA Service Desk, and ConfluenceExperience with data engineering tools such as Kubernetes/Rancher, ClouderaExperience with Configuration Management and IaC tools such as Salt or AnsibleExperience with scripting languages, CI/CD tools, Elasticsearch, or GitlabExperience working in an air-gapped environmentsExperience working in large computing environments (> 1,000 end-points)