Security Application Engineer-Need GC and USC

Security Application Engineer

Location: Seattle (Bellevue, WA)

Project Duration: Long Term

Requirements: Must be GC or USC

Must have experience with: IBM App Scan, Fortify, BURP Suite, Kali Linux, SOAP UI, Application Test, Penetration Test

Job Description:

The Security team is seeking an enthusiastic Security Application Tester who will test applications for security compliance. The successful candidate will have experience with Enterprise Applications and Information Security. The scope of applications to be tested includes software used to run the business, not software sold or provided to end customers. The types of applications range from web services to line of business applications to mobile or cloud applications. Candidates will be responsible for ensuring all applications meet enterprise minimum security specifications and escalating potential deviations when they do not.

Essential Functions:

1. Perform security, compliance, and risk assessments on projects throughout the project lifecycle using SDLC, waterfall, or RUP methodologies.
2. Support information security review of new technologies, designs, and remediation planning efforts.
3. Investigate and identify security needs & recommend plans/resolutions. Implement, test & monitor information security improvements.
4. Maintain visibility inside & outside of information security, interfacing with groups such as billing ops, application support, engineering ops, finance, legal, privacy, risk management, etc.
5. Support the information security policy lifecycle throughout, including intake, creation, review, approval, implementation, publishing, communication & maintenance.
6. Support security projects driven by groups both internal and external to information security.
7. Experience with static and dynamic vulnerability identification using industry-leading scanning tools and manual code reviews.
8. Experience with the Top 10 OWASP (Open Web Application Security Project) vulnerabilities and how to identify and remediate them.
9. Solid understanding of Information Security in general and the specific behaviors that would secure information assets.
10. Ability to translate Information Security policies and procedures into language that a business and/or technical person can understand.
11. Strong problem-solving skills with the ability to methodically and objectively analyze and resolve Information Security challenges.
12. Ability to work well inside and outside the team, exchanging ideas, knowledge, and experience to boost the quality and efficiency of solutions.
13. Great stakeholder management skills and experience due to the escalation process.

If you are interested in this position, please forward your profile to or call me at 703 468 0398.