Application Security Engineer

Posted May 23

About Our Team

At i4DM, our core values of People Matter, Integrity, and a Commitment to Excellence drive all that we do. By joining i4DM, you’ll become a part of a fun and diverse team of talented and creative consultants who share the goal of using the latest technology to solve business challenges. We provide our clients with a dynamic mix of services and deliver focused solutions like no one else.

We're seeking talented and bright team players who are passionate about technology and want to work in a fast-paced, dynamic, and ego-free culture while applying a creative approach to problem-solving. Team members who like to grow their skill sets while solving challenging, real world business problems thrive at i4DM.

About the Role

i4DM is seeking an Application Security Engineer, with Fortify experience, to join our fast-growing IT-project based consulting business. We're looking for a well-rounded team member to bring in- depth experience and knowledge of security concepts, threat, threat modeling, vulnerability exploitation, and common website and application vulnerabilities to our team. Our engineer conduct the review of software applications and systems from a security and privacy perspective to ensure our clients are protected. These scans ensure that our Nation's Veterans are able to register for the benefits to which they are entitled.

We're seeking talented and bright team players who are passionate about technology and want to work in a fast-paced, dynamic, and ego-free culture while applying a creative approach to problem-solving. By joining our team, you’ll become a part of a fun and diverse team of talented and creative people who share the goal of using the latest technology to solve business challenges. You’ll work with a team to help our client overcome their most difficult challenges in the cloud. Additionally, you’ll grow your skills in areas like cloud-based security, agile at scale, and multi-cloud architectures.

RESPONSIBILITIES

  • Work on an Agile Team to leverage Fortify to ensure application security.
  • Understand and be comfortable explaining OWASP top 10.
  • Conduct initial triage assessments of findings from network security appliances.
  • Explain in detail common attack vectors such as buffer overflows, SQL injection, CSRF, XSS, to both software developers and management.
  • Be a source of information security subject matter with an expertise in Web Application Security.
  • Security assessments, with and without source code access
  • Conduct the review of software applications and systems from a security and privacy perspective; review and contribute Agency Standards used in the solution security review process and provide security recommendations and better practices regarding secure software development in waterfall, agile, and DevOps methods.
  • Review application designs: work with development teams to review application designs and provide feedback on security best practices. This will include evaluating application architectures, reviewing security requirements, and identifying potential security risks.
  • Provide security guidance to development teams on security best practices, including secure coding practices, vulnerability scanning, and penetration testing.
  • Implement code changes to remediate security issues.
  • Work independently and track each release/schedule.
  • Take initiative to run scans/execute approved application security process without explicit direction.

QUALIFICATIONS

  • Practical, on the job experience with Fortify, Fortify On-Demand, Web Inspect, Eclipse, Visual Studio Team Suite
  • Minimum 2 years' experience with Java and Microsoft technologies such as C# and ASP.NET, as well as common open source code (JQuery, Typescript, etc.)
  • Practical, on the job experience with AWS cloud platform
  • In depth experience and knowledge of security concepts, threat, threat modeling, vulnerability exploitation, and common website and application vulnerabilities including but not limited to, SQL Injection, Cross-site scripting (XSS) and Session Management
  • A holistic understanding of attack vectors, current threats, and remediation strategies.
  • Experience with computer forensics practices and procedures, basic investigations, and evidence handling is preferred.
  • Have experience with Federal government agencies.
  • Have an understanding of agile frameworks.
  • Military experienced candidates are encouraged to apply.
  • Candidates will need to obtain Security Clearance of Public Trust once hired.
  • Work is full-time 100% remote.

TAG: INDMJC