The Application Security Engineer will lead the integration of security practices throughout the Software Development Life Cycle. This individual will act as a bridge between application teams and security operations, focusing on proactive identification, assessment, and remediation of security vulnerabilities to support secure application development and operations.
Responsibilities
- Advocate for security integration at every stage of the software development lifecycle
- Serve as a primary liaison between application and engineering teams and joint security operations
- Proactively detect, document, evaluate, and assist in resolving security vulnerabilities
- Ensure applications and environments are developed and maintained with robust security controls
- Evaluate and analyze system architectures for security effectiveness
- Create and manage system security plans (SSP)
- Provide guidance on secure coding and development practices
- Enforce compliance with organizational security policies and industry standards
- Enable application teams to build, deploy, and manage secure systems
- Foster a culture prioritizing security across all levels of the organization
Requirements
- Experience delivering information security guidance and conducting training sessions
- Familiarity with application development processes and security architecture design
- Understanding of secure coding principles and the ability to detect security issues in source code
- Knowledge of vulnerability remediation techniques and application patch management
- Hands-on experience with SAST, DAST, and IAST security testing tools such as Accunetix, Veracode, Jenkins, Splunk, Rapid7, and Tenable
- Experience implementing Web Application Firewalls (WAFs) and AWS Security Groups for application protection
- Working knowledge of SIEM systems including Splunk, Azure Sentinel, or IBM QRadar
- Proficiency with AWS security services including Security Hub, GuardDuty, Inspector, Config, CloudWatch, S3, IAM, CloudTrail, EC2, CodePipelines, KMS, and Secrets Manager
- Understanding of key security frameworks and regulations such as NIST 800-53, IRS Pub 1075, PCI-DSS, OWASP Top 10, MITRE ATT&CK, CIS Benchmarks, and the NIST Cybersecurity Framework
- Demonstrated experience developing and maintaining System Security Plans (SSP)
Nice to Have
- CompTIA Security+ certification
- Certified Cloud Security Professional (CCSP)
- ISC2 Certified in Cybersecurity (CC)
- AWS Certified Security certification
- AWS Solutions Architect (Associate or Professional)
- AWS Security Specialty certification
Tech Stack
Accunetix, Veracode, Jenkins, Splunk, Rapid7, Tenable, AWS Security Hub, AWS GuardDuty, AWS Security Groups, AWS Inspector, AWS Config, AWS CloudWatch, AWS S3 Buckets, AWS IAM, AWS CloudTrail, AWS EC2, AWS CodePipelines, AWS KMS, AWS Secrets Manager, Azure Sentinel, IBM QRadar, Web Application Firewalls (WAFs), SIEM, SAST, DAST
Benefits
- Stable employment with strong quality of life
- Flexible scheduling options
- Up to two days of telework per week
- 12 paid state holidays
- Vacation leave
- Sick leave
- Volunteer leave
- Personal leave
- Comprehensive and affordable health benefits
- Eligibility for the Public Service Loan Forgiveness program
- Participation in the Virginia Retirement System
- VA 457 Deferred Compensation plan
- Additional employee benefits
Compensation
Commensurate with experience up to $100,000
Work Arrangement
hybrid — Main Street Center, Richmond, Virginia — Hybrid schedule: 3 days in the office (Tuesday, Wednesday, Thursday) and 2 days teleworking (Monday and Friday)
Team
Member of the Office of Technology’s Application Security unit
- Comprised of dedicated and resourceful professionals committed to exceeding customer expectations
- Serves the public and operates as part of the public sector
- Part of a supportive community that values and celebrates its members
- Promotes internal growth within a stable environment
- Supports a healthy work-life balance
- Values workforce diversity
- Equal opportunity employer
Additional Information
- Candidate must live within 50 miles of the Richmond office to qualify for this role
- This position does not support visa sponsorship or F-1 STEM OPT (I-983) students
- Selected candidate must consent to and pass a background check including fingerprint-based criminal history, tax compliance, and DMV driving record review (if applicable)
- A valid driver’s license is required for selected candidates
- Selected candidate is prohibited from providing tax or accounting services for compensation during or outside work hours
- The agency participates in E-Verify
- Interview consideration is based solely on the content of the application and resume
- Reasonable accommodations are available for applicants with disabilities upon request
- Veterans and individuals with disabilities are encouraged to apply via the Commonwealth Alternative Hiring Process
- Applicants must have a Certificate of Disability (COD) issued by DARS or DBVI to qualify under the alternative hiring process
Not eligible for sponsorship
