• Design, develop, and maintain comprehensive test automation frameworks. • Lead testing efforts across multiple projects. • Collaborate closely with developers and other stakeholders. • Identify, analyze, and prioritize software defects. • Mentor and guide junior and mid-level QA professionals. • Provide leadership in Agile ceremonies. • Analyze test results and produce reports. • Drive continuous improvement initiatives.

Role Description The Application Security Engineer will support the secure development and testing of applications by leveraging specialized tools, implementing security controls, and ensuring compliance with federal standards. This role involves hands-on work with application security testing (SAST, DAST, IAST), vulnerability management, secure coding practices, and collaboration with development teams to protect enterprise web applications in a federal environment. - Support Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and IDE Plug-in environments using Veracode and Burp Suite. - Design and implement enterprise-wide security controls to secure applications, systems, networks, or infrastructure services. - Secure enterprise web applications, with a focus on mitigating OWASP Top 10 risks, CVSS scoring, CWE, WASC, and SANS Top 25 vulnerabilities. - Integrate security practices into development workflows using IDEs such as Eclipse, JDeveloper (including pipeline development), or Visual Studio. - Perform application security testing and automation using tools such as OWASP ZAP, Burp Proxy, Selenium, and Interactive Application Security Testing (IAST) capabilities. - Write and maintain bash scripts to support security automation, testing, and troubleshooting tasks. - Participate in vulnerability discovery, triage, and remediation processes, including crowdsourced security programs via platforms like HackerOne. - Work in Linux or UNIX environments, including navigating file systems and troubleshooting basic website connectivity and security issues. - Ensure applications and security practices align with federal compliance standards, including NIST 800-53, FIPS, or FedRAMP. Qualifications - Minimum 6+ years of Information Technology experience with a focus on application and security engineering. - 3+ years of hands-on experience supporting application security testing, including Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST). - Demonstrated experience with SAST, DAST, and IDE plug-in integrations using tools such as Veracode and Burp Suite. - Experience performing authenticated and unauthenticated crawl auditing and DAST scanning using Burp Suite Enterprise Edition, including scan configuration, issue validation, and remediation coordination. - Experience with Interactive Application Security Testing (IAST) tools and methodologies. - Proficiency using OWASP ZAP and/or Burp Proxy for web application security testing. - Experience participating in vulnerability discovery and remediation programs, including HackerOne. - Experience with test automation tools, including Selenium. - Proficiency in bash scripting for security automation, testing, and troubleshooting. - 2+ years of development experience in one or more programming languages, including Java, Python, .NET, or C#. - Experience integrating security into development workflows using Eclipse, JDeveloper (including CI/CD pipeline development), or Visual Studio. - 3+ years of experience designing and implementing enterprise-wide security controls to secure applications, systems, networks, or infrastructure services. - Hands-on experience securing enterprise web applications, with strong knowledge of OWASP Top 10, CVSS, CWE, WASC, and SANS Top 25 vulnerabilities. - Knowledge of federal compliance and security frameworks, including NIST 800-53, FIPS, and FedRAMP. - Working knowledge of Linux or UNIX environments, including file system navigation and troubleshooting basic website connectivity issues. - High School Diploma or GED required. - Public Trust Determination or Active Security clearance (preferred). Benefits - Health, Vision, and Dental Insurance - PTO

• Work autonomously to apply and establish testing best practices. • Collaborate with the development team to lead the design, development, implementation, and maintenance of a test automation framework that supports multiple project needs. This includes using tools like FitNesse, Selenium, and Cucumber, and writing test scripts in Java. • Deploy test automation to a continuous integration environment and ensure that test results are communicated clearly and promptly. • Participate in sprint planning and work closely with the project team to identify risks and impacts for the systems being tested. • Create and generate test scenarios from user stories and acceptance criteria. • Manage multiple project schedules at different phases of testing, maintaining strong organizational skills and the ability to prioritize tasks effectively. • Coordinate QA tasks and priorities for each project, including identifying QA/testing environment needs. • Walk through and demonstrate testing results to Product Owners and business stakeholders to gain sign-off on user stories.**Ensure defects or requirement changes identified during testing are tracked, verified, and resolved before moving the application into production.

• Perform software testing for various systems, including web and mobile applications, customer billing, back-end database systems, email delivery, and security systems • QA tasks throughout a project's life cycle • Collaboration with various departments to ensure proper processes are followed • Hands-on participation in the project lifecycle, from reviewing requirements through release and post-launch support • Create and execute comprehensive test plans and test cases, report and track issues through resolution • Functional, system integration, regression, user acceptance and production deployment testing • Reproduce production bugs and validate bug fixes • Collaborate with all departments for full test coverage • Provide accurate and timely estimates for QA timelines and effort • Establish and evolve formal QA processes using industry-accepted best practices • Oversee all aspects of quality assurance including establishing metrics, applying industry best practices, and developing new tools and processes to ensure quality goals are met • Adapt to the SCRUM software development process - participate in Sprint planning, reviews, stand-ups, and retrospectives