Virginia Department of Taxation is hiring an Application Security Engineer

The Virginia Department of Human Resource Management is hiring an Application Security Engineer to champion security throughout the Software Development Life Cycle. You will serve as a key connection point between application engineering teams and security operations to ensure applications and environments are built with strong security controls.

What You'll Do

• Review system architectures and develop and maintain system security plans.
• Guide teams on secure development practices and ensure adherence to security policies and standards.
• Empower application teams to design, deliver, and operate secure applications and environments.
• Influence engineering practices and promote a security-first culture across the organization.

What We're Looking For

• Experience providing information security guidance and training.
• Knowledge and experience with application development and security architecture.
• Knowledge of secure coding standards and the ability to identify security flaws in source code.
• Knowledge of vulnerability remediation and patch management for applications.
• Experience with SAST, DAST, and IAST security testing tools.
• Knowledge and experience with Web Application Firewalls (WAFs) and AWS Security Groups implementation strategies.
• Experience with and understanding of security information and event management (SIEM) systems.
• Knowledge and experience with AWS services including Security Hub, GuardDuty, IAM, CloudTrail, and others.
• Knowledge and understanding of relevant security regulations and standards.
• Comprehensive knowledge of a System Security Plan (SSP) and experience in creating and maintaining an SSP.

Nice to Have

• CompTIA Security+, Certified Cloud Security Professional (CCSP), ISC2 CC (Certified in Cybersecurity), AWS Certified Security, AWS Solutions Architect (Associate/Professional), or AWS Security Specialty.

Technical Stack

• SAST/DAST/IAST tools
• Web Application Firewalls (WAFs)
• AWS Security Groups
• SIEM systems
• AWS services including Security Hub, GuardDuty, IAM, and CloudTrail

Team & Environment

You will be part of the Office of Technology’s Application Security unit.

Benefits & Compensation

• Compensation commensurate with experience up to $100,000.
• Flexible schedule options and up to two days of telework per week.
• 12 Paid State holidays plus vacation, sick, volunteer, and personal leave.
• Comprehensive and affordable health benefits.
• Potential eligibility for the Public Service Loan Forgiveness program.
• Participation in the Virginia Retirement System, VA 457 Deferred Comp, and more.

Work Mode

This is a hybrid position based at the Main Street Center in Richmond, Virginia.

Virginia Tax is an equal opportunity employer that values diversity in the workforce. All qualified applicants are afforded equal opportunities without regard to race, sex, color, national or ethnic origin, religion, genetics, age, veteran status, political affiliation, or disability.