NorfolkRecruiter Since 2001
the smart solution for Norfolk jobs

Applications Security Engineer

Company: Bay State Computers
Location: Norfolk
Posted on: May 3, 2021

Job Description:

We have an exciting opportunity for an Applications Security Engineer to join our team. The Applications Security Engineer provides detailed analysis of web and client/server application security for development and COTS solutions. The Applications Security Engineer serves the needs of the agency by validating security controls and technical approaches for application security. Additionally, the Applications Security Engineer shall assess the existing controls and recommend new solutions and policies to improve the agency's security posture, act as a security subject matter expert on all projects and initiatives, and work to improve end-user cybersecurity awareness.

Key Responsibilities:

  • Day to Day Operations:

o Develop security awareness, guidance, and socialization materials for training internal applications teams.

o Review and provide consulting for IT security team members as part of security reviews and investigations.

o Monitor and investigate application security logs.

o Develop, implement, and improve application security logging, alerts, and incident response capabilities.

o Work with cross-functional internal teams and assist with architecture, threat modeling, and reviewing systems and infrastructure to identify vulnerabilities and weaknesses in architecture.

o Make appropriate vulnerability remediation recommendations, create socialization and technical analysis documentation, and collaborate with teams to implement those recommendations.

o Conduct vulnerability research and analysis for emerging threats, best practices, and architectural models for application architecture and dependencies.

o Audit, validate, and track application architecture vulnerabilities across presentation, data management and integration levels to report and prioritize risk to businesses.

o Perform Application penetration testing to examine target systems in detail, looking for vulnerabilities and weaknesses.

o Identify and implement application level security technical and process vulnerability remediations and improvements.

o Define and own metrics to determine effectiveness of security controls.

o Apply comprehensive hardening to infrastructure platforms, deployment code, and images.

o Architect, build, automate, and operate automated security controls/tools and review capabilities to detect vulnerabilities across all applications and services.

  • Structured Functions:

o Development of Web Applications and Dashboards using front-end languages, such as HTML, Java, JavaScript, PHP, .NET, SQL, etc.

o Create and maintain Secure Software Development Life Cycle (SDLC) and secure SDLC models documentation for application development teams.

o Review, create and maintain security requirements of an application while in development.

o Define, maintain, and enforce application security policies, standards, and procedures.

o Perform manual and automated code review of applications.

o Assess, track, and prioritize vulnerabilities of applications.

o Provide detailed analysis and mitigations based on assessments and testing of applications.

o Prioritize remediation based on security ratings and the needs of the business.

o Create socialization and guidance materials for Security standards.

  • Incident Response:

o Lead Application Security Event Forensic Root Cause Analysis.

o Collaborate with incident coordinators and report findings to management in real time.

o Perform IT Security Triage, Scoping, Containment, and Mitigation activities in coordination with application owners.

o Complete documentation of IT Security events.

Required Experience/Skills:

  • Experience:

o Minimum three (3) to five (5) Years in Application, Web, and/or Database Management

o Minimum one (1) to two (2) years of work experience in an Application Security function.

o Experience with integration systems including managed file transfers, privileged access management and integration platforms as a service.

o Experience with Oracle and Microsoft Database environments

o Experience working in Virtualized and Cloud environments

o Experience with identity protection services such as Azure Identity Protection Services

o Experience implementing Azure MFA integrations.

o Experience implementing modern authentication structures such as SAML, OIDC, and OAuth.

o Experience with Solution as a service and other cloud model architecture.

o Experience with AWS, Azure environments including log review, analytics, and security services.

o Experience testing APIs and mitigating open API vulnerabilities.

o Experience in pen testing and the MITRE ATT&CK framework.

o Experience troubleshooting Application and Operating system interactions

  • Functional Abilities, Knowledge and Skills

o Be a champion for security culture and excellence, exercise risk-based judgement and prioritize remediation work.

o Knowledge of IT control concepts such as zones of trust, zero trust, and privileged access management.

o Ability to self-manage with limited oversight.

o Excellent written and oral communication skills.

o Excellent interpersonal skills.

o Excellent judgment and problem-solving skills.

o Strong Knowledge of OWASP Top 10.

o Strong knowledge of application threat modeling.

o Static application security testing and dynamic application security testing.

o Ability to review and walk through code in real time for application code and script review.

o Ability to troubleshoot modern identification and integration services implementations.

  • Technical Abilities, Knowledge, and Skills

o Proficiency with Application vulnerability scanning and penetration tools such as BurpSuite, AppSpider, Kali, etc.

o Proficiency with Scripting and Coding languages including PowerShell and Python, or similar in a Windows Environment

  • Licenses or Certificates:

o Security+, SSCP, or CySA+ Certification

  • Must be available for 24/7 on call support for emergency response
  • Candidate must be a US citizen

Desired Experience/Skills:

  • Preferred Experience:

o Published work or contributions in related subject matter.

o Penetration Testing, Application Forensic and threat hunting certifications are a plus.

o Certified Application Security Engineer (CASE) or equivalent certification preferred.

o One (1) to three (3) years of experience in system/network security functional position in Windows environments.

o Familiarity with Linux.

o Experience developing quantitative evaluation metrics through the automation of analytics data collection and parsing.

o Experience with CIS, NIST, controls and other frameworks for on-prem and cloud environments

o Experience with Structured and Unstructured Data.

o Experience with Container platforms such as Docker.

o Experience with Regex, log analytics and application log parsing.

  • General Preferences:

o Experience in Transit and Operational Technologies a plus.

Education: Bachelor's degree in Computer Science, Application development, Cyber security, or related field.

Benefits: Full-time employees (permanent or contract employees who are employed for a term greater than 6 months) are eligible for benefits including time-off benefits, such as vacations and holidays, and insurance and other plan benefits.

Location: Norfolk, VA

About Us:

Bay State Computers, Inc. is a professional services firm and a leading provider of Information Technology (IT) services and products to the U.S. Federal Government and Industry. Bay State brings together experienced IT professionals and the latest state-of-the-art technology tools, practices, and products to support projects and task order requirements for our customers. For more information about Bay State visit our website and connect with us on LinkedIn.

Bay State Computers, Inc. is an Equal Opportunity/Affirmative Action Employer. All qualified candidates will receive consideration for this position regardless of race, color, creed, religion, national origin, age, sex, citizenship, ethnicity, veteran status, marital status, disability, or any other characteristic protected by applicable law.
