Security Engineer – Washington, DC
Job Title: Security Engineer
Location: Washington, DC
Start Date: Immediate
Technik is looking for a talented Security Engineer. The ideal candidate should have strong cyber security engineering experience in a cloud and web application development environment. This individual will be responsible for the application security of a large, complex, cloud-based application. The individual will perform Application Static and Dynamic analysis, review reports and identify resolutions. The individual will work with an agile team in analyzing and identifying security controls as for each feature as part of the development team. Security Engineer will analyze the software design and implementations from a security perspective during the software development lifecycle and provide technical input and architecture / design recommendations to ensure that security is “baked in” and not “added on” to the system.
This individual must possess strong technical skills coupled with interpersonal and communication skills to both provide guidance to application software development team members. This person must possess a strong background implementing internet security technologies.
Be an integrated part of the development team to build security controls into each feature to ensure security is a forethought not an afterthought
Perform ongoing security testing and application code reviews from a security vulnerability perspective
Detailed technical knowledge of techniques, standards and state-of-the art capabilities for authentication and authorization, applied cryptography, security vulnerabilities and remediation
Develop architectural designs for solutions to business problems
Assist management team with analyzing applications, infrastructure vulnerability reports and identifying the application specific remediation
Should be knowledgeable in web application dynamics and static analysis reports and identify the resolution
Strong experience in System Architecture, Design, Development and integration and deployment of multi-tier mission critical web Application systems
Mentor development teams on use of secure coding practices and evangelize secure software development practices and processes
Perform threat analysis of identity and access management services
Present application security architectures and designs to customers and management team
To be considered for this role, candidates must have:
5+ years progressively increasing experience architecting, designing, implementing, and testing security with development team(s) that delivered commercial-grade enterprise software systems. Agile delivery experience preferred.
Demonstrated experience in correlating industry standard security controls (e.g. FISMA, NIST 800-53, OWASP ISO IEC 27035) towards informed and compliant application and/or systems design. Experience with preparation and/or remediation activities for independent audits, accreditations, and ATOs is desirable.
2+ years’ experience with cloud-based web applications, including experience with virtualization
Strong experience and detailed technical knowledge in security engineering, operating system, application and network security, authentication and security protocols, cryptography, public-key infrastructures
Experience with the application of threat modeling or other risk identification techniques
Experience and knowledge of vulnerability classes, mitigations and defense in depth mechanisms for operating systems and networks
Development experience in C, C++ and/or .Net and scripting skills
Candidates must demonstrate strong oral and written communications and be able to work in fast-paced, highly collaborative Agile team environment.
Demonstrated success in building meaningful and productive relationships with colleagues, customers and business partners.
Application penetration testing experience
Minimum 6 to 8 years’ work experience with 2 years as application security engineer analyzing the application modules for enhancing the application security
Must have led the design, development, and deployment of at least one significant Web application or product
Knowledge and demonstrated experience designing multi-tier, highly available, multi-threaded, scalable architectures
Experience in developing, deploying REST API or SOAP based Web Services for application integration services.
Expert proficiency with .Net-based application servers
Hands-on experience with HTML5, CSS, jQuery, Ajax and related frameworks (such as bootstrap) a plus.
Demonstrated application of architectures and designs that employ design patterns Strong database background and experience with Oracle or MS SQL Server.
Highly developed oral and written communication skills as well as presentation skills. Interest in all aspects of application security research and development
Familiarity with fundamentals of software configuration management, automated build processes, and source code control systems
Must be able to pass background investigation at the public trust level
Must be forward thinking and passionate problem solver able to work in a group environment that contributes to global client and company mission and culture
Able to take on new challenges and professionally communicate and collaborate with peers and executive client and corporate leadership