At phia we hire talented and passionate people who are focused on collaborative, meaningful work, providing technical and operational subject matter expertise and support services to our partners and clients.

phia is seeking an Application Security Engineer with hands-on experience using Veracode for application security testing and vulnerability management. The ideal applicant should be proficient in utilizing Veracode's static and dynamic analysis tools and interpreting scan results, and able to provide clear and actionable remediation guidance. This individual will work with the Federal client to maintain a resilient security posture for highly visible applications. This position allows you to work remotely from anywhere within the United States.

U.S. citizenship is required, and able to obtain Public Trust approval.

What You'll Do

Collaborate with the federal client and application teams to maintain a robust security posture for high-visibility applications

Lead proactive security discussions with development teams to integrate best practices throughout the software development lifecycle

Conduct comprehensive application security assessments using dynamic and static testing methodologies

Perform threat modeling and security requirements analysis using tools like SD Elements

Execute in-depth application penetration testing using industry-standard tools such as Burp Suite

Implement and leverage the latest OWASP frameworks to enhance application security

Develop and maintain security controls to protect applications, systems, and infrastructure services

Provide expert guidance on remediating identified security flaws and vulnerabilities

Stay current with evolving security threats and compliance standards to ensure continuous improvement of security measures

Required: Education + Experience

Veracode experience is a must

6+ years of Information Technology experience

3+ years of experience with supporting Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and IDE Plug-in environments using Veracode

2+ years of experience with Java, Python, .NET, or C#

3+ years of experience with Burp Suite

3+ years of experience using the design and implementation of enterprise-wide security controls to secure applications, systems, network, or infrastructure services

Experience with Eclipse, JDeveloper, including pipeline development, or Visual Studio

Experience with securing enterprise web applications and OWASP Top 10, CVSS, CWE, WASC, and SANS-25

Knowledge of federal compliance standards, including NIST 800-53, FIPS, or FedRAMP

Knowledge of Linux or UNIX environments, including navigating and troubleshooting basic website connectivity issues

Ability to obtain a security clearance

HS diploma or GED

U.S. citizenship and ability to obtain a Public Trust clearance

Desired Skills and Experience

Bachelor's degree in Computer Science, Information Technology, Information Security, or a related field

Experience with Interactive Application Security Testing (IAST) tools and methodologies

Proficiency with Selenium for automated testing

Skill in writing bash scripts for security automation

Hands-on experience with OWASP ZAP or Burp Proxy

Certifications in application security or related fields (e.g., CSSLP, OSCP, GWAPT)

Security Clearance

U.S. Citizenship required

Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; Public Trust determination is required

If you thrive on complex problem-solving, enjoy providing innovative solutions, and want to have a meaningful impact on national security, let's explore the possibility of working for phia!

#LI-LC1

Who You Are

A proactive problem solver that appreciates the challenges of working in a fast-paced, dynamic environment.

Intellectually curious with a genuine desire to learn and advance your career.

An effective communicator, both verbally and in writing.

Customer service-oriented and mission-focused.

Critical thinker with excellent problem-solving skills

If your experience and qualifications aren’t a match for this position, you will remain in our database for consideration for future opportunities that may be a better fit.

Who We Are

phia, LLC is a Northern Virginia-based, small business established in 2011 with a focus on Cyber Intelligence, Cyber Security/Defense, Intrusion Analysis & Incident Response, Cyber Architecture & Capability Analysis, Cyber Policy & Strategy, and Information Assurance/Security. we proudly support various agencies and offices within the Department of Defense (DoD), Federal government, and private/commercial entities.

phia values work-life balance and offers the following benefits to full-time employees:

Comprehensive medical insurance to include dental and vision

Short Term & Long-Term Disability

401k Retirement Savings Plan with Company Match

Tuition and Professional Development Assistance Flex Spending Accounts (FSA)

phia does not discriminate on the basis of race, sex, color, religion, age, national origin, marital status, disability, veteran status, genetic information, sexual orientation, gender identity, or any other reason prohibited by law in the provision of employment opportunities and benefits.

Please be aware job applicants have rights under federal employment laws. You can find more information about The Family Medical Leave Act (FMLA), Know Your Rights (EEO), and Employee Polygraph Protection Act (EPPA) on The U.S. Department of Labor (DOL)’s website HERE. Frequently Asked Questions - United States Department of Labor

Application Security Engineer -Veracode SME

Job description

Required profile

Experience

Hard Skills

Other Skills

Security Engineer Related jobs

Fire & Security Service Engineer - Ref65104

DevOps Security Engineer

Senior Security Engineer - India

Senior Security Engineer, App Security

Fire & Security Service Engineer - Ref24393