The Consortium, Inc.

Application Security Engineer

The Consortium, Inc. - Rockville, MD

The main function of a Software Security Engineer is to assess software security by performing security testing, participate in code reviews and work in partnership with software development teams to ensure that appropriate software security controls have been designed and built within applications.

Job Responsibilities:

Perform software security testing at a unit, functional, and system-wide level

Perform manual and/or automated secure code reviews

Lead threat modeling activities

Assist development teams in designing, developing and implementing integrated software security solutions

Conduct security risk analysis of business and technology projects

Participate, as needed, in documenting software security standards, guidelines, policies and procedures

Act as Software Security resource on assigned projects

Create reusable software security artifacts

Develop and/or deliver software security focused training


Bachelor's degree in Computer Engineering, Computer Science, Software Engineering or a related field

8+ years of experience

Programming/development experience using C#, .NET or other applicable programming experience

QA, test automation, and test design experience

Experience performing automated and/or manual code reviews

Experience in a group development environment as a software engineer or QA engineer or build/release engineer

Experience with interpreting policies and appropriately applying them to projects

Experience writing technology-specific best practices

Additional Skills and Experience

Required Skills
1. Application Security (AppSec) domain knowledge/experience, including ALL of the following:
   1. Manual source code review
   2. Experience analyzing DAST/SAST scan results (not just running the tools); ideally with AppScan or Netsparker, and Checkmarx
   3. Application penetration testing; ideally with BurpSuite
2. Solid Java knowledge, and ideally at least historical development skills; e.g. a good understanding of Core Java and ideally relevant frameworks (e.g. Spring, Hibernate, …).
3. Strong understanding of both Web Application and Web Service architectures, as well as associated protocols
4. Networking fundamentals (ideally security-centric)
5. Demonstrated history of making Security their career path through roles held and credentials obtained

Highly Desirable Skills
1. Python Knowledge + Development Skills
2. Capture the Flag (CTF) / red team exercise experiences.
3. Web Application Firewall (WAF) knowledge/experience
4. AWS Development Skills (e.g. ideally not just AWS Console access, but API level exposures) OR solid AWS Security knowledge.
5. Relevant credentials, such as Master's in Cybersecurity, OSCP, CEH
6. Any of the following additional credentials:
   1. Microsoft 365 Security Administration
   2. Microsoft Azure Security Technologies
   3. Certified Cloud Security Professional (CCSP)
   4. AWS Certified Solutions Architect
   5. AWS Certified Security Specialty (Associate or Professional)


Posted On: Monday, June 7, 2021
