Edgewater is currently seeking an Application Security Engineer who will be a hands-on subject matter expert in Microsoft Azure cloud technologies, application security, security architectures, security tools, and methodologies. The Application Security Engineer will support our federal customer in the Washington DC. This is a hands-on technical role that will provide the right candidate with an exciting opportunity to develop the federal customer’s application security program, working with developers and the organization to meet the strategic security goals of the agency.
This is a remote position but requires the candidate to work at the federal site in Washington DC at least one day a month so candidates local to the Washington, DC area strongly preferred.
Responsibilities
Mature Application Security Program and implement measures throughout the code’s lifecycle to prevent gaps in the application security policy or the underlying system through flaws in the design, development, deployment, upgrade, or maintenance of the applicationLead and work closely with developer Agile teams to promote secure code development by providing security requirements throughout the development processAnalyze, design, develop, and operate programs, shell scripts, tests, and infrastructure automation capabilities in an advanced security contextPartner with agency software development teams and provides consultative security expertise; performs cross functional interviews with developers, and application partners to determine if application security controls are implemented correctlyCreate application security policies and standards as a part of the larger information security policy frameworkConduct technical testing focused on the identification of OWASP-type vulnerabilities in cloud, and web applications, along with associated APIs Implement security controls to rapidly detect and respond to information security incidents; participates as needed in security incidentsWork closely with the Security Engineering team to create and maintain Threat Models and associated remediation recommendationsLeverage NIST 800-53/FedRAMP assessment experience, technical, and program management skills to lead, plan, track, collaborate and report on the agency’s Application Security Posture ManagementLead application risk assessments and control gap analysis procedures, activities, documents, and communication plansBe a source of information security subject matter with an expertise in Azure, GitHub, and Application Security
Qualifications
Experience in securing Azure cloud infrastructure (i.e., inspection, logging, WAF, VM)Experience leveraging CI/CD deployment methodologies and infrastructure as code (IaC)Experience writing playbooks and scripts for automation tools including Terraform, Ansible for IaCDemonstrate proficiency with a scripting or coding language, preferably Python.Practical implementation and architectural experience in encryption techniques, including data at rest and in transitProficiency in automation and scripting, such as C#, Go, Java, Python, Rust, HTML, Terraform or JavaScript.Ability to discuss Information Security concepts such as defense in depth and zero trust.Demonstrate ability to communicate ideas both verbally and in writing to management, business and IT sponsors, and technical resources in language that is appropriate for each group.Ability to work collaboratively with developers across multiple departmentsAbility to work effectively in a fast-paced, project-oriented environmentAbility to prioritize and execute tasksStrong analytical and problem-solving skillsStrong technical acumen, communication, and influence skillsWorking knowledge of system hardening (CIS, STIGs, SRGs, regulatory compliance)Experience working with and supporting Unix/Linux and Windows systems.
Requirements
Bachelor’s degree in computer science or related fieldsMinimum of 8 years of experience in Information Security or related fieldsCISSP or equivalent (CompTIA Security+, CEH, or DoD equivalent)Experience with Code Scanner to analyze the code in a GitHub repository to find security vulnerabilities and coding errorsPreferred Certifications:
AZ-500: Microsoft Azure Security TechnologiesCASE - Certified Application Security EngineerCASS - Certified Application Security SpecialistEdgewater Federal Solutions is a privately held government contracting firm located near Frederick, MD. The company was founded in 2002 with the vision of being highly recognized and admired for supporting customer missions through employee empowerment, exceptional services, and timely delivery. Edgewater is ISO 9001, 20000-1, 27001 certified, appraised at CMMI Level 3 Maturity for Development and Services, and has been named in the Top Workplaces in the Greater Washington Area Small Companies from 2018 through 2023.
LI-KC1
Options Apply for this job onlineApplyShareEmail this job to a friendRefer Sorry the Share function is not working properly at this moment. Please refresh the page and try again later. Share on your newsfeed Application FAQsSoftware Powered by iCIMS
www.icims.com