Application Security Engineer

As a Web Application Security Engineer, you will provide technical expertise and solutions to remediate persistent and challenging portfolio-wide vulnerabilities. We’re looking for someone who has a passion for IT, resourceful problem-solving abilities, and a desire to learn our indicators of success in this role. The ideal candidate will have a breadth of experience across various application and web-based technologies. The candidate does not need deep experience in all domains but should have a good understanding of how the different layers of an enterprise application stack interact.

You will work directly with system admin teams to assist and remediate vulnerabilities and harden environments, while providing recommendations to enhance vulnerability management. Additionally, you will collaborate with a team to develop proactive solutions to improve our enterprise security posture through process streamlining and automation.

Responsibilities include:

• Providing subject matter expertise for risk assessments, working in an Agile environment with an understanding of the full software development lifecycle.
• Advocating for and ensuring security practices are communicated and implemented within application development portfolios.
• Securing multiple areas of an enterprise application stack, including OS, Database, Application Server, Load Balancer, and Web Server layers. Understanding PKI/TLS certificates is essential.
• Collaborating with application development and security assurance teams to understand, remediate, or baseline vulnerability findings.
• Documenting and sharing security findings and remediation strategies in an enterprise knowledge base.
• Supporting the Information Assurance Branch and SOC with scan analysis and partnering with development teams on security findings.

Required:

• Ability to obtain a U.S. government Security Clearance
• Master's Degree with 3 years of relevant experience, OR
• Bachelor's Degree with 5 years of relevant experience, OR
• No degree with 9 years of relevant experience

Preferred:

• Experience as a Developer or Systems Administrator
• Knowledge of technologies like Maven, Gradle, GIT, Jenkins, Ansible, Java, C#/.NET, Apache Tomcat, Apache HTTP Server, IIS, F5, Oracle, MSSQL Server, Postgres
• Experience with AWS and Azure Gov Clouds
• Ability to analyze DISA STIG audit results and recommend resolutions
• Skills in analyzing security environments and providing recommendations
• Knowledge of JIRA, Service Now, or similar tools
• Experience with OS and dynamic application security testing tools like Invicti, Web Inspect, DAST/IAST suites
• Proficiency in Python automation

Certifications:

• CEH, GFACT, GPEN, OSCP, or other relevant industry certifications
• Other application-specific technology certifications

Steampunk determines salary based on factors like location, requirements, education, skills, and experience. The projected salary range is $100,000 to $155,000 annually, representing a typical range. Salary is part of the total compensation package, which includes additional benefits. Learn more about Steampunk’s benefits on our website.

Applicants are expected to be on camera during interviews and assessments for identity verification. We may take your picture to prevent fraud.

Steampunk is a Change Agent in the Federal contracting industry, innovating in sectors like Homeland, Civilian, Health, and DoD. Our Human-Centered delivery methodology fosters shared accountability in solving mission challenges. As an employee-owned company, we invest in our employees’ growth and reward outstanding contributions. Learn more at our website.

We are an equal opportunity employer, and all qualified applicants will receive consideration regardless of race, color, religion, sex, national origin, disability, veteran status, or other protected characteristics. We participate in the E-Verify program.