Application Security Engineer - Patton, United States - Eagle Bancorp Inc

    Eagle Bancorp Inc
    Eagle Bancorp Inc Patton, United States

    1 month ago

    Default job background
    Description
    Overview

    We are a values driven organization putting

    Relationships FIRST . EagleBank is focused on being

    Flexible, Involved, Responsive, Strong , and

    Trusted .

    By prioritizing meaningful connections with our customers, employees, and shareholders, we relentlessly deliver the most compelling, valuable service to our community.

    EagleBank (NASDAQ - EGBN) was founded to meet the financial needs of local business owners in Maryland, Washington DC, and Northern Virginia.

    With genuine connections, we provide custom financial solutions, local decision-making, and a deeply-rooted dedication to the community.
    EagleBank is committed to being a workplace of inclusion, equity, respect, and acceptance. We celebrate diversity and intentionally seek out opportunities to learn from one another's experience. We believe employees are essential to the building of relationships and we prioritize investing in employee growth and wellbeing.

    Throughout your EagleBank career, our commitment is to provide you with a variety of competitive benefits, recognition, training and development, and the knowledge that your contribution adds value to the company and our community.

    Employee involvement is fostered through resource groups, mentorship programs, community service, and scholarship opportunities for continued education.

    With features including wellness discounts, healthcare premium sharing, employer funding in your HSA account, and 100% 401(k) matching up to 4%, we pride ourselves in the ways we support our internal relationships.

    We understand the need to be creative and flexible when it comes to telecommuting and other alternative work arrangements. This position is eligible for 100% remote and will be affiliated with the Silver Spring, MD office.
    Responsibilities

    As the

    Application Security Engineer


    you will be providing application security expertise throughout the Software Development LifeCycle (SDLC) as well as being responsible for managing and driving forwards the Application Security Analytics practices.

    A key part of your role will also involve validating and testing web applications in order to ensure applications meet the requirements of the SDLC Policy and industry best practices.

    The job will also entail conducting Component Analysis, which is the process of identifying potential areas of risk from the use of third-party and open-source software and hardware components.

    In addition undertaking threat modelling and conducting periodic penetration testing using best of breed tools, a good understanding of the OWASP Top 10 vulnerabilities and maintaining documentation.

    Qualifications


    Required Education/Experience:
    Bachelor's degree in Computer Science or 4 additional years of

    software development.
    5+ year's experience with emphasis on application development, application security or related fields.
    3+ year's experience in application security technologies with knowledge of application security threats. Experience with threat modeling, attack surface analysis, penetration testing, software vulnerability assessments, and understand of software security threat vectors.
    Knowledge of Component Analysis using tools such as OWASP Dependency-Check, Bytesafe Dependency Checker, Patton, PHP Security Checker, etc.
    Knowledge of BURP, MetaSploit, Nessus is a must.
    Some Experience with static and dynamic application security testing.

    Required Certifications (at least one from this list):
    Certified Secure Software Lifecycle Professional (CSSLP) from ISC2
    Certified Application Security Engineer (CASE) from EC-Council
    GIAC Penetration Tester (GPEN) from SANS Institute
    GIAC Web Application Penetration Tester (GWAPT) from SANS Institute
    Certified Penetration Testing Professional (CPENT) from EC-Council
    Secure Programming Certified Leader (S-CSPL) from SECO Institute

    Preferred Education/Experience:
    Experience as an application security engineer using a suite of tools used for the following:
    Recon and Information Gathering (e.g. Nmap, NetCat, Spiders, OWASP Zed Attack Proxy)
    Mapping and Discovery (e.g. Burp Suite with plug-ins)
    Exploitation of top OWASP vulnerabilities such as SQL Injection, Cross-site Scripting (XSS), Cross-Site Request Forgery (CSRF) attacks, etc. Experience with tools such as MetaSploit, AppScan or WebInspect.
    Threat modeling using PASTA methodology.
    Knowledge of OWASP Best practices
    Knowledge of OWASP Testing Guide 4.0
    Knowledge of OWASP Code Review 2.0
    Knowledge of Software Component Verification Standard (SCVS)

    Preferred Certifications:
    Web Application Hacking and Security (W|AHS) from EC-Council
    Certified Ethical Hacker (CEH) from EC-Council
    Certified Ethical Hacker Master (CEH-M) from EC-Council
    Qualified/ Ethical Hacker Certification (Q/EH) from Security University
    Qualified/ Security Analyst Penetration Tester (Q/PTL) from Security University
    GIAC Exploit Researcher and Advanced Penetration Tester (GXPN) from SANS Institute
    CompTIA Pentest+
    Licenced Penetration Tester (L|PT) from EC-Council
    Project Management (PMP) certification preferred

    Don't meet all the requirements? We encourage you to still apply if you think you are the right person to join our community.

    We are always interested connecting with people inspired by our mission and values.

    If you aren't hired for this position, your resume will remain available for the next year and might be considered for future openings.


    Note:
    You can update your resume as often as needed.

    #J-18808-Ljbffr