Position Overview
We are seeking an Application Security Tooling Administrator to help design, operate, and continuously improve a defense agency's application security (AppSec) scanning ecosystem across the software development life cycle (SDLC). This position will run and integrate software composition analysis (SCA) with Sonatype, static application security testing (SAST) with Fortify, container/Kubernetes security with Red Hat Advanced Cluster Security (StackRox), and dynamic application security testing (DAST) with Burp Suite, ensuring scalable, auditable, mission-ready security controls in regulated environments. The ideal candidate is comfortable operating all tools listed.
Required Qualifications
- Active Secret clearance required
- 3 years in application security engineering and/or DevSecOps in regulated environments.
- Hands-on administration and pipeline integration experience with Sonatype (Nexus IQ/Lifecycle), Fortify (SCA/SSC), StackRox/Red Hat ACS, and Burp Suite (Professional/Enterprise preferred).
- Strong CI/CD and automation skills; ability to implement repeatable integrations and policy gates.
- Working knowledge of:
- Secure SDLC, OWASP Top 10, dependency risk, SBOM concepts, container/Kubernetes security
- Linux administration, networking fundamentals, TLS/cert management, identity integration (SSO/LDAP)
- Common languages/build systems (e.g., Java/Maven//NuGet, Node/npm, Python/pip)
- Oracle Cloud Infrastructure
Preferred Qualifications
- DoD/IC experience with RMF, STIGs, and vulnerability management processes.
- Familiarity with registries and orchestration: Harbor/Artifactory/ECR, Kubernetes/OpenShift, Helm.
- Experience integrating with SIEM/SOAR and ticketing (e.g., Splunk, ServiceNow, Jira).
- Relevant certifications (one or more): Security, CISSP, CSSLP, GIAC, Kubernetes security certs.