Application Security Engineer in Washington

Energy Jobline is the largest and fastest growing global Energy Job Board and Energy Hub. We have an audience reach of over 7 million energy professionals, 400,000+ monthly advertised global energy and engineering jobs, and work with the leading energy companies worldwide.

We focus on the Oil & Gas, Renewables, Engineering, Power, and Nuclear markets as well as emerging technologies in EV, Battery, and Fusion. We are committed to ensuring that we offer the most exciting career opportunities from around the world for our jobseekers.

Job Description

Application Security Engineer

Location: Remote

Clearance: Public Trust (Clearable)

Employment Type: Full-time

Salary: 130k-140k

Company Description:

Big Impact Tech (BIT) is a Small Business providing IT and business management consulting to federal and commercial clients. We deliver mission-focused solutions in data, cloud, cybersecurity, and program management.

Role Overview:

The Application Security Engineer will support the secure development and testing of applications by leveraging specialized tools, implementing security controls, and ensuring compliance with federal standards. This role involves hands-on work with application security testing (SAST, DAST, IAST), vulnerability management, secure coding practices, and collaboration with development teams to protect enterprise web applications in a federal environment.

Responsibilities:

• Support Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and IDE Plug-in environments using Veracode and Burp Suite.
• Design and implement enterprise-wide security controls to secure applications, systems, networks, or infrastructure services.
• Secure enterprise web applications, with a focus on mitigating OWASP Top 10 risks, CVSS scoring, CWE, WASC, and SANS Top 25 vulnerabilities.
• Integrate security practices into development workflows using IDEs such as Eclipse, JDeveloper (including pipeline development), or Visual Studio.
• Perform application security testing and automation using tools such as OWASP ZAP, Burp Proxy, Selenium, and Interactive Application Security Testing (IAST) capabilities.
• Write and maintain bash scripts to support security automation, testing, and troubleshooting tasks.
• Participate in vulnerability discovery, triage, and remediation processes, including crowdsourced security programs via platforms like HackerOne.
• Work in Linux or UNIX environments, including navigating file systems and troubleshooting basic website connectivity and security issues.
• Ensure applications and security practices align with federal compliance standards, including NIST 800-53, FIPS, or FedRAMP.

Qualifications:

• 6+ years of Information Technology experience
• 3+ years of experience with supporting Static Application Security Testing (SAST)
• Experience with Interactive Application Security Testing (IAST) capabilities and tools
• Experience with HackerOne
• Experience with Selenium
• Experience with writing bash scripts
• Experience with OWASP ZAP or Burp Proxy
• Ability to obtain security clearance
• HS diploma or GED

Additional Required Experience:

• 3+ years of experience with supporting Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and IDE Plug-in environments using Veracode and Burp Suite
• 2+ years of experience with Java, Python, .NET, or C#
• 3+ years of experience using the design and implementation of enterprise-wide security controls to secure applications, systems, network, or infrastructure services
• Experience with Eclipse, JDeveloper, including pipeline development, or Visual Studio
• Experience with securing enterprise web applications and OWASP Top 10, CVSS, CWE, WASC, and SANS-25
• Knowledge of federal compliance standards, including NIST 800-53, FIPS, or FedRAMP
• Knowledge of Linux or UNIX environments, including navigating and troubleshooting basic website connectivity issues

If you are interested in applying for this job please press the Apply Button and follow the application process. Energy Jobline wishes you the very best of luck in your next career move.