×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity Security Manager

Application Security Engineer

Job in Richmond, Henrico County, Virginia, 23214, USA
Listing for: TalentBurst, an Inc 5000 company
Contract position
Listed on 2026-03-10
Job specializations:
  • IT/Tech
    Cybersecurity, Security Manager
Salary/Wage Range or Industry Benchmark: 80000 - 100000 USD Yearly USD 80000.00 100000.00 YEAR
Job Description & How to Apply Below

Application Security Engineer (ASE)
Richmond, VA (Hybrid, occasional visit required)
Video interview required
6 months contract to hire role

Overview

Virginia Tax is seeking an Application Security Engineer (ASE) with 5+ years of experience to join the Office of Technology under Joint Security Operations. In this role, the ASE serves as a dedicated security partner to application teams, providing guidance on secure design, vulnerability management, and secure development practices. The ASE works collaboratively across the SDLC to ensure security is embedded into application design, development, testing, and deployment.

This includes supporting compliance requirements, delivering training and education, and assisting teams with vulnerability remediation efforts.

Responsibilities
  • Provide security guidance, training, and best practices for development and operations teams.
  • Support secure software development by applying knowledge of SDLC, Agile, and Scrum methodologies.
  • Evaluate software architecture and design for security risks and alignment with Dev Sec Ops  principles.
  • Promote and enforce secure coding standards and guidelines.
  • Review source code to identify vulnerabilities and recommend remediation strategies.
  • Assess security risks across multiple programming languages (e.g., JavaScript, C#, Java, Ruby, SQL).
  • Analyze and secure modern web application architectures, including cloud, APIs, microservices, and client‑server models.
  • Identify and address common vulnerabilities, including those outlined in the OWASP Top 10.
  • Support vulnerability remediation, patch management, and continuous improvement efforts.
  • Utilize application security testing tools such as SAST, DAST, IAST, and platforms like Accunetix, Veracode, Jenkins, Splunk, Rapid7, and Tenable.
  • Interpret and act on findings from SIEM systems, including Splunk.
  • Apply knowledge of common security controls and frameworks.
  • Ensure compliance with relevant security regulations and standards (e.g., NIST 800‑53, IRS Pub 1075, PCI‑DSS).
  • Implement and evaluate AWS cloud security controls and best practices.
  • Create, maintain, and review System Security Plans (SSPs).
  • Troubleshoot and resolve complex technical and security‑related issues.
  • Stay current with evolving threats, technologies, and industry trends.
  • Develop detailed plans and communicate risks, impacts, and recommendations effectively.
  • Collaborate with application teams, QA engineers, and operations teams to integrate security into workflows.
  • Provide constructive, actionable feedback to application teams.
  • Communicate technical concepts clearly to both technical and non‑technical audiences.
  • Work closely with other security analysts and technology teams to support agency and enterprise security initiatives.
  • Manage multiple tasks, prioritize effectively, and meet deadlines.
  • Apply critical thinking to evaluate and mitigate security risks and vulnerabilities.
Required Skills / Experience
  • Five or more years of experience in application security.
  • Two or more years of experience with network or firewall/AWS Security Groups, including log collection, vulnerability scans and remediation, or privileged access management.
  • Strong understanding of security concepts, network protocols, and threat vectors.
  • Proficiency in SIEM, IDS/IPS, EDR, and other relevant security tools.
  • Excellent analytical and problem‑solving skills.
  • Strong communication, collaboration, and documentation skills.
  • Ability to work independently and as part of a team in a fast‑paced environment.
  • Experience with Splunk, Insight

    VM, Rapid7, Tenable, Cyber Ark, Jenkins, and Veracode.
  • Proficiency with Linux and Windows operating systems, including baseline hardening.
  • Experience with IIS and Apache, scripting languages, SQL, Power Shell, and firewall management.
Required Certifications
  • CompTIA Security+
  • ISC2 CC (Certified in Cybersecurity)
  • Offensive Security Certified Professional (OSCP)
  • CCSP (Certified Cloud Security Professional)
  • CSSLP (Certified Secure Software Lifecycle Professional)
Desired Certifications
  • AWS Solutions Architect (Associate/Professional)
  • AWS Security Specialty
  • CompTIA Pen Test+
  • Certified Ethical Hacker (CEH)
  • GIAC Certified Intrusion Analyst (GCIA)
#J-18808-Ljbffr
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)

Job Posting Language
Employment Category
Education (minimum level)
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search