Application Security Tooling Engineer (Sonatype Fortify StackRox Burp Suite)
Position Overview
We are seeking an Application Security Tooling Engineer to design, operate, and continuously improve a defense agency's application security (AppSec) scanning ecosystem across the software development life cycle (SDLC). This position will run and integrate software composition analysis (SCA) with Sonatype, static application security testing (SAST) with Fortify, container/Kubernetes security with Red Hat Advanced Cluster Security (StackRox), and dynamic application security testing (DAST) with Burp Suite, ensuring scalable, auditable, mission-ready security controls in regulated environments. The ideal candidate is comfortable performing tool assessments and presenting recommendations to senior executive leaders (commercial/Federal) that may consolidate the tool set, while remaining comfortable operating all of the tools listed.
Required Qualifications
- Active Secret clearance required.
- 5 years in application security engineering and/or DevSecOps in regulated environments.
- Hands-on administration and pipeline integration experience with Sonatype (Nexus IQ/Lifecycle), Fortify (SCA/SSC), StackRox/Red Hat ACS, and Burp Suite (Professional/Enterprise preferred).
- Strong CI/CD and automation skills; ability to implement repeatable integrations and policy gates.
- Working knowledge of:
  - Secure SDLC, OWASP Top 10, dependency risk, SBOM concepts, container/Kubernetes security
  - Linux administration, networking fundamentals, TLS/certificate management, identity integration (SSO/LDAP)
  - Common languages/build systems (e.g. Java/Maven, NuGet, Node/npm, Python/pip)
  - Oracle Cloud Infrastructure
Preferred Qualifications
- DoD/IC experience with RMF, STIGs, and vulnerability management processes.
- Familiarity with registries and orchestration: Harbor/Artifactory/ECR, Kubernetes/OpenShift, Helm.
- Experience integrating with SIEM/SOAR and ticketing (e.g. Splunk, ServiceNow, Jira).
- Relevant certifications (one or more): Security, CISSP, CSSLP, GIAC, Kubernetes security certs.