Senior Application Security Engineer

Position Summary

GSC is a leading cyber security and information technology company based in Washington, DC. We are looking to hire a Senior Security Application Engineer to support a full range of cyber security services on a long-term contract in Washington DC. The position is full-time/permanent and will support a US Government civilian agency. The position is available immediately upon finding a qualified candidate with the appropriate background and security clearance.

• Strong written and verbal communication skills
• Must have Git Lab CI/CD pipeline experience
• Assist in the development and implementation of the Dev Sec Ops  strategy to include the definition and goals of the over-arching framework and methodologies
• Assist customers with implementing a secure CI/CD pipeline utilizing Dev Sec Ops  principles and practices to increase automation and reduce human involvement in the process
• Reviewing source code for potential security vulnerabilities
• Strong analytical skills to assess risks and vulnerabilities in complex systems
• Writing security test cases to check for vulnerabilities or broken/missing security controls.
• Implement automated security controls as part of CI/CD pipelines
• Support development teams with secure code (DAST, SAST, Dependency, Secret Detection, Container scans, etc.) reviews and other assessments to identify security weaknesses and vulnerabilities
• Establish and maintain secure coding standards and best practices to provide guidance and training to development teams on security best practices
• Recommend cyber defense and vulnerability assessment tools
• Review and research monthly continuous monitoring controls documentation tasks that is required by OIS
• Continuous Process Improvement, actively contribute to the development of standardized operating procedures (SOPs) for API security testing
• Collaborate closely with cross‑functional teams, including system administrators and Information System Security Officers (ISSOs)

• Active Public Trust and eligible to obtain a Secret clearance

• At least Ten (10) years of experience working in cybersecurity or information technology with a bachelor’s degree. Minimum of 5 years’ experience in vulnerability management, application and software security team, Malware analysis, digital forensics, data/network analysis, penetration testing, information assurance, leading incident handling.
• Solid experience in application security and software development in one or more programming languages such as C#, Java, Python, etc.
• Experience with security tools such as SAST, DAST, IAST, SCA, IaC and other security tools.
• Familiarity with industry-standard security frameworks such as OWASP, NIST, BSIMM etc.
• Experience with CICD pipeline, security tools integration and secure SDLC.
• Knowledge of current and emerging threats and techniques for exploiting security vulnerabilities.
• CISSP, OSCP, any Dev Sec Ops  or other related Information Security certification.
• Experience with cloud-based infrastructure (AWS, Azure, GCP or OCI).