Jobs
>
Silver Spring

    Application Security Engineer - Silver Spring, United States - EagleBank

    EagleBank
    EagleBank Silver Spring, United States

    2 weeks ago

    Default job background
    Description

    Overview:

    We are a values driven organization putting Relationships FIRST. EagleBank is focused on being Flexible, Involved, Responsive, Strong, and Trusted. By prioritizing meaningful connections with our customers, employees, and shareholders, we relentlessly deliver the most compelling, valuable service to our community. EagleBank (NASDAQ - EGBN) was founded to meet the financial needs of local business owners in Maryland, Washington DC, and Northern Virginia. With genuine connections, we provide custom financial solutions, local decision-making, and a deeply-rooted dedication to the community.

    EagleBank is committed to being a workplace of inclusion, equity, respect, and acceptance. We celebrate diversity and intentionally seek out opportunities to learn from one anothers experience. We believe employees are essential to the building of relationships and we prioritize investing in employee growth and wellbeing. Throughout your EagleBank career, our commitment is to provide you with a variety of competitive benefits, recognition, training and development, and the knowledge that your contribution adds value to the company and our community. Employee involvement is fostered through resource groups, mentorship programs, community service, and scholarship opportunities for continued education. With features including wellness discounts, healthcare premium sharing, employer funding in your HSA account, and 100% 401(k) matching up to 4%, we pride ourselves in the ways we support our internal relationships.

    We understand the need to be creative and flexible when it comes to telecommuting and other alternative work arrangements. This position is eligible for 100% remote and will be affiliated with the Silver Spring, MD office.

    Responsibilities:

    As the Application Security Engineer you will be providing application security expertise throughout the Software Development LifeCycle (SDLC) as well as being responsible for managing and driving forwards the Application Security Analytics practices. A key part of your role will also involve validating and testing web applications in order to ensure applications meet the requirements of the SDLC Policy and industry best practices. The job will also entail conducting Component Analysis, which is the process of identifying potential areas of risk from the use of third-party and open-source software and hardware components. In addition undertaking threat modelling and conducting periodic penetration testing using best of breed tools, a good understanding of the OWASP Top 10 vulnerabilities and maintaining documentation.

    Qualifications:

    Requirements:

    • Bachelors degree in Computer Science or 4 additional years of software development.
    • 5+ years experience with emphasis on application development, application security or related fields.
    • 3+ years experience in application security technologies with knowledge of application security threats. Experience with threat modeling, attack surface analysis, penetration testing, software vulnerability assessments, and understand of software security threat vectors.
    • Knowledge of Component Analysis using tools such as OWASP Dependency-Check, Bytesafe Dependency Checker, Patton, PHP Security Checker, etc.
    • Knowledge of BURP, MetaSploit, Nessus is a must.
    • Some Experience with static and dynamic application security testing.

    Required Certifications (at least one from this list):

    • Certified Secure Software Lifecycle Professional (CSSLP) from ISC2.
    • Certified Application Security Engineer (CASE) from EC-Council.
    • GIAC Penetration Tester (GPEN) from SANS Institute.
    • GIAC Web Application Penetration Tester (GWAPT) from SANS Institute.
    • Certified Penetration Testing Professional (CPENT) from EC-Council.
    • Secure Programming Certified Leader (S-CSPL) from SECO Institute.

    Preferences:

    • Experience as an application security engineer using a suite of tools used for the following:
      • Recon and Information Gathering (e.g. Nmap, NetCat, Spiders, OWASP Zed Attack Proxy).
      • Mapping and Discovery (e.g. Burp Suite with plug-ins)
      • Exploitation of top OWASP vulnerabilities such as SQL Injection, Cross-site Scripting (XSS), Cross-Site Request Forgery (CSRF) attacks, etc. Experience with tools such as MetaSploit, AppScan or WebInspect.
      • Threat modeling using PASTA methodology.
    • Knowledge of OWASP Best practices
      • Knowledge of OWASP Testing Guide 4.0
      • Knowledge of OWASP Code Review 2.0
      • Knowledge of Software Component Verification Standard (SCVS).
    • Web Application Hacking and Security (W|AHS) from EC-Council.
    • Certified Ethical Hacker (CEH) from EC-Council.
    • Certified Ethical Hacker Master (CEH-M) from EC-Council.
    • Qualified/ Ethical Hacker Certification (Q/EH) from Security University.
    • Qualified/ Security Analyst Penetration Tester (Q/PTL) from Security University.
    • GIAC Exploit Researcher and Advanced Penetration Tester (GXPN) from SANS. Institute.
    • CompTIA Pentest+
    • Licensed Penetration Tester (L|PT) from EC-Council.
    • Project Management (PMP) certification.

    Don't meet all the requirements? We encourage you to still apply if you think you are the right person to join our community. We are always interested connecting with people inspired by our mission and values. If you arent hired for this position, your resume will remain available for the next year and might be considered for future openings. Note: You can update your resume as often as needed.

  • 3M Consultancy

    Senior Security Engineer

    2 weeks ago

    3M Consultancy washington, United States

    This is a remote position. · Job Title: Senior Security Engineer. · Location: Washington, DC (Remote) · Duration: Full-Time. · Role Specific Duties: · Provide network IDS monitoring, cyber threat intelligence, security log analysis and forensics, and web application security ...

  • Meta

    Security Engineering Manager, Investigations

    1 day ago

    Meta Washington, United States

    Are you interested in solving complex problems that lead to safer experiences for people using Meta's family of apps? Do you have an adversarial mindset and are excited about investigating and analyzing potential threats? Come join us at Meta Meta is seeking a security engineerin ...

  • Crimson Enterprises

    IT Security Engineer

    3 weeks ago

    Crimson Enterprises Arden on the Severn, United States

    With more than 1,500 stores in 19 European countries, C&A is one of the leading fashion companies in Europe. C&A welcomes over two million visitors daily to its stores and offers high-quality fashion at affordable prices for the whole family. We embrace the digital transformation ...

  • NovaWorks Solutions

    Security Engineer

    3 weeks ago

    NovaWorks Solutions Germantown, United States

    We want to make a difference - are you with us? We ensure that over 80 million people in Germany can benefit from digital healthcare. Join us in shaping the healthcare system of tomorrow. · Your work area · DEMIS is the digital platform for Germany and the healthcare sector, prov ...

  • Calloway & Associates, Inc.

    Security Operations Engineering Pre-solicitation

    1 day ago

    Calloway & Associates, Inc. Washington, United States

    CONGRESSIONAL BUDGET OFFICE · Security Operations Engineering Pre-solicitation: · Scope of work: · - _Ensure compliance with security policies, develop and update IT security documentation, provide related status_ _reports, briefings, schedules, and project plans in written form. ...

  • TEKsystems

    Application Security Engineer

    1 week ago

    TEKsystems Silver Spring, MD, United States

    Description: · As the Application Security Engineer you will be providing application security expertise throughout the Software Development LifeCycle (SDLC) as well as being responsible for managing and driving forwards the Application Security Analytics practices. A key part of ...

  • TEKsystems

    Application Security Engineer

    1 week ago

    TEKsystems Silver Spring, United States

    *Description:* · As the Application Security Engineer you will be providing application security expertise throughout the Software Development LifeCycle (SDLC) as well as being responsible for managing and driving forwards the Application Security Analytics practices. A key part ...

  • EagleBank

    Application Security Engineer

    3 days ago

    EagleBank Silver Spring, United States

    Overview: · We are a values driven organization putting · Relationships FIRST . EagleBank is focused on being · Flexible, Involved, Responsive, Strong , and · Trusted . By prioritizing meaningful connections with our customers, employees, and shareholders, we relentlessly deli ...

  • Ark Solutions

    SECURITY ENGINEER

    4 weeks ago

    Ark Solutions Bethesda, United States

    SECURITY ENGINEER (Identity & Access Management WAM/SSO) · DESCRIPTION · Supports the Identity & Access Management (IAM) function in Global Information Security organization. Ideal candidate will bring subject matter expertise (L3) on Web Access Management (WAM) and SSO technol ...

  • ARK Solutions Inc

    Security Engineer

    1 week ago

    ARK Solutions Inc Bethesda, United States

    Job: Security Engineer (Ping Federate) · Location: Bethesda, MD/Remote · Duration: Long Term · JOB DESCRIPTION · Supports the Identity & Access Management (IAM) function in Global Information Security organization. Ideal candidate will bring subject matter expertise (L3) on Web ...

  • ARK Solutions, Inc.

    Security Engineer

    2 weeks ago

    ARK Solutions, Inc. Bethesda, United States

    Job: Security Engineer · Location:Bethesda, MD/Remote · Duration: Long Term · This is Remote position, but candidate has to go onsite time to time. · Only looking for local candidate. · Only Open for W2 · JOB DESCRIPTION · Supports the Identity & Access Management (IAM) functio ...

  • Diverse Systems Group

    Security Engineer

    2 weeks ago

    Diverse Systems Group Bethesda, United States

    Job Description · Job Description · As a \ Security Engineer, you will be a key leader in maintaining the security posture of our systems and ensuring compliance with the Department of Defense (DOD) and Defense Health Agency (DHA) policies and requirements. Your extensive exper ...

  • Fisher Investments

    Senior PKI Infrastructure Security Engineer

    1 day ago

    Fisher Investments Arlington, United States Full time

    It's an exciting time to be a member of the Fisher Investments Technology Department. We're investing in the future of our firm's technology and are building our team to achieve global growth. We are looking for a Senior PKI Security Engineer to support our Corporate Systems team ...

  • Ark Solutions

    Security Engineer

    2 weeks ago

    Ark Solutions Bethesda, United States

    Job: Security Engineer · Location: · Bethesda, MD/Remote · Duration: Long Term · This is Remote position, but candidate has to go onsite time to time. · Only looking for local candidate. · Only Open for W2 · JOB DESCRIPTION · Supports the Identity & Access Management (IAM) fun ...

  • Compass Pointe Consulting

    Cloud Security Engineer

    2 hours ago

    Compass Pointe Consulting Vienna, United States

    Cloud Security Engineer · Vienna, VA – Hybrid 2/3 days in office · Responsibilities encompass collaborating with other DevOps and SysOps teams to transition public facing, on-premises applications to the cloud; securing the configuration management of the cloud infrastructure; m ...

  • Diverse Systems Group

    Security Engineer

    2 weeks ago

    Diverse Systems Group Bethesda, United States

    Job Description · Job DescriptionAs a \ Security Engineer, you will be a key leader in maintaining the security posture of our systems and ensuring compliance with the Department of Defense (DOD) and Defense Health Agency (DHA) policies and requirements. Your extensive experience ...

  • Addison Group

    Senior Security Engineer

    4 days ago

    Addison Group Chevy Chase, United States

    This postion requires a fully onsite presence for the 1st 30 days of employement and then a hybrid schedule is offered. · Information Security Engineer is responsible for supporting the security operations, including but not limited to threat identification, intrusion detection, ...

  • JCS Solutions LLC

    Cyber Security Engineer

    1 week ago

    JCS Solutions LLC Silver Spring, United States

    Job Description · Job DescriptionJCS Solutions LLC (JCS) is seeking a highly skilled Cybersecurity Specialist with a strong background in U.S. Government security standards and requirements. The ideal candidate will have experience working with NIST, OMB, and FISMA guidelines. Th ...

  • AstraZeneca

    Director of Product Security Engineering

    1 week ago

    AstraZeneca Gaithersburg, United States

    Are you ready to be part of the future of healthcare? Are you able to think big, be bold, and harness the power of digital and AI to tackle longstanding life sciences challenges? Then Evinova, a new health tech business part of the AstraZeneca Group might be for you · **Key Respo ...

  • Cat America

    Sr Security Engineer

    6 days ago

    Cat America Chevy Chase, United States

    Job Description · Job DescriptionSUPERVISORY RESPONSIBILITIES: · Supervise assigned employees by organizing and monitoring work progress · Maintain staff by recruiting, selecting, orienting, and training employees · Manage performance of employees through development, coaching, a ...