TAX Application Security Architect & Engineer 6 mo C-H

Richmond, VA - USA

Monthly Salary: Not Disclosed

Posted on: 10 hours ago

Vacancies: 1 Vacancy

Job Summary

TAX -Application Security Architect & Engineer (6 mo Contract-to-Hire)

Hybrid/Remote (Occasional onsite required)

Must be a US Citizen or Permanent Resident.

ABOUT THE ROLE

Virginia Tax is seeking an Application Security Engineer (ASE) with 5 years of experience to join the Office of Technology under Joint Security this role the ASE serves as a dedicated security partner to application teams providing guidance on secure design vulnerability management and secure development practices. The ASE works collaboratively across the SDLC to ensure security is embedded into application design development testing and deployment. This includes supporting compliance requirements delivering training and education and assisting teams with vulnerability remediation efforts.

The successful candidate will identify and recommend improvements to improve the security of all Virginia Tax applications promote secure coding and development practices and contribute to ongoing initiatives that reduce risk and strengthen the agencys overall security posture.

Employment Terms: 6 mo Contract-to-Hire. No sponsorship available.

Responsibilities include but not limited to:

Provide security guidance training and best practices for development and operations teams.
Support secure software development by applying knowledge of SDLC Agile and Scrum methodologies.
Evaluate software architecture and design for security risks and alignment with DevSecOps principles.
Promote and enforce secure coding standards and guidelines.
Review source code to identify vulnerabilities and recommend remediation strategies.
Assess security risks across multiple programming languages (e.g. JavaScript C# Java Ruby SQL).
Analyze and secure modern web application architectures including cloud APIs microservices and client server models.
Identify and address common vulnerabilities including those outlined in the OWASP Top 10.
Support vulnerability remediation patch management and continuous improvement efforts.
Utilize application security testing tools such as SAST DAST IAST and platforms like Accunetix Veracode Jenkins Splunk Rapid7 and Tenable.
Interpret and act on findings from SIEM systems including Splunk.
Apply knowledge of common security controls and frameworks.
Ensure compliance with relevant security regulations and standards (e.g. NIST 800 IRS Pub 1075 PCI DSS).
Implement and evaluate AWS cloud security controls and best practices.
Create maintain and review System Security Plans (SSPs).
Troubleshoot and resolve complex technical and security-related issues.
Stay current with evolving threats technologies and industry trends.
Develop detailed plans and communicate risks impacts and recommendations effectively.
Collaborate with application teams QA engineers and operations teams to integrate security into workflows.
Provide constructive actionable feedback to application teams.
Communicate technical concepts clearly to both technical and non technical audiences.
Work closely with other security analysts and technology teams to support agency and enterprise security initiatives.
Manage multiple tasks prioritize effectively and meet deadlines.
Apply critical thinking to evaluate and mitigate security risks and vulnerabilities.
Required Skills/Experience:
- Five or more years experience in application security.
- Two or more years network or firewall/AWS Security Groups.
- Experience with log collection vulnerability scans and remediation or privileged access management.
- Strong understanding of security concepts network protocols and threat vectors.
- Proficiency in SIEMIDS/IPS EDRand other relevant security tools.
- Excellent analytical and problem-solving skills.
- Strong communication collaboration and documentation skills.
- Ability to work independently and as part of a team in a fast-paced environment.
Have experience and a strong knowledge of the following:
- Splunk Insigh tVM Rapid7 Tenable CyberArk Jenkins Veracode
- Linux and Windows Operating Systems Baseline hardening of operating systems
- IIS and Apache Scripting Languages and SQL PowerShell Firewall
  
  At least one of these certs below is REQUIRED:
  - CompTIA Security
  - ISC2 CC (Certified in Cybersecurity)
  - Offensive Security Certified Professional (OSCP)
  - CCSP (Certified Cloud Security Professional)
  - CSSLP (Certified Secure Software Lifecycle Professional)
  At least one of these certs below is highly DESIRED (Independently and or with one of the above)
  - AWS Solutions Architect (Associate/Professional)
  - AWS Security Specialty
  At least one of the any is DESIRED
  - CompTIA PenTest
  - Certified Ethical Hacker (CEH) GIAC Certified Intrusion Analyst (GCIA

Required/Desired Skills

Skill	Required /Desired	Amount	of Experience
Application Security	Required	5	Years
Network or Firewall/AWS security Groups	Required	2	Years
Infrastructure as Code (IaC): Advanced proficiency in Terraform for multi-account landing zones and automated provisioning.	Required	2	Years
Experience with log collection vulnerability scans and remediation or privileged access management	Required	4	Years
Proficiency in SIEM IDS/IPS EDR and other relevant security tools.	Required	4	Years
Networking & Hybrid Connectivity: Solid understanding of routing firewalls AWS Direct Connect and VPNs in a hybrid cloud environment.	Required	4	Years
One REQUIRED: CompTIA Security ISC2 CC (Certified in Cybersecurity) Offensive Security Certified Professional (OSCP) CCSP or CCLP. UPLOAD COPY!!	Required	0
CI/CD & DevOps: Experience with GitLab CI/CD Jenkins or AWS CodePipeline for automated secure deployments.	Highly desired	5	Years
Splunk InsightVM Rapid7 Tenable CyberArk Jenkins Veracode	Highly desired	2	Years
Linux and Windows Operating Systems Baseline hardening of operating systems	Highly desired	2	Years
IIS and Apache Scripting Languages and SQL PowerShell Firewall	Highly desired	2	Years
One highly DESIRED (Independently and or with one of the above): AWS Solutions Architect (Associate/Professional) or AWS Security Specialty	Highly desired	0
One of these is DESIRED: CompTIA PenTest Certified Ethical Hacker (CEH) or GIAC Certified Intrusion Analyst (GCIA)	Highly desired	0

Questions

No.	Question
Question1	Commonwealth of Virginia security policies prohibit the use of offshore IT contractors. Do you attest to the fact that your candidate will physically reside within the US for the duration of the assignment
Question2	Please list candidates email address.
Question3	In what city and state does your candidate permanently reside Local Richmond candidates preferred bc of on site requirements. If your candidate is local to Richmond have you (vendor) taken the necessary steps to verify this residency
Question4	This role requires occasional onsite presence (*parking is not provided for contractors). If selected does your candidate agree to this arrangement
Question5	This role is intended to be a 6 month Contract to Hire role. Sponsorship is not available. For this reason the candidate must be interested and eligible for FTE hire after 6 months.
Question6	At least one of these certs is REQUIRED: CompTIA Security ISC2 CC (Certified in Cybersecurity) Offensive Security Certified Professional (OSCP) CCSP (Certified Cloud Security Professional) or CSSLP (Certified Secure Software Lifecycle Professional). To be considered you must upload a copy of their cert under the reference tab. We will not consider your candidate without this!
Question7	At least one of these certs below is highly DESIRED (Independently and or with one of the above): AWS Solutions Architect (Associate/Professional) or AWS Security Specialty. If they have one of these certs please upload under the reference tab in Vector if you want us to consider it. If they do not have these simply put N/A in the skills matrix.
Question8	At least one of the any is DESIRED: CompTIA PenTest Certified Ethical Hacker (CEH) or GIAC Certified Intrusion Analyst (GCIA). If they have one of these certs pls upload under the reference tab in Vector if you want us to consider it. If they do not have these simply put N/A in the skills matrix.

TAX -Application Security Architect & Engineer (6 mo Contract-to-Hire) Hybrid/Remote (Occasional onsite required) Must be a US Citizen or Permanent Resident. ABOUT THE ROLE Virginia Tax is seeking an Application Security Engineer (ASE) with 5 years of experience to join the Office of Technology...

The successful candidate will identify and recommend improvements to improve the security of all Virginia Tax applications promote secure coding and development practices and contribute to ongoing initiatives that reduce risk and strengthen the agencys overall security posture.

Employment Terms: 6 mo Contract-to-Hire. No sponsorship available.

Responsibilities include but not limited to:

Provide security guidance training and best practices for development and operations teams.
Support secure software development by applying knowledge of SDLC Agile and Scrum methodologies.
Evaluate software architecture and design for security risks and alignment with DevSecOps principles.
Promote and enforce secure coding standards and guidelines.
Review source code to identify vulnerabilities and recommend remediation strategies.
Assess security risks across multiple programming languages (e.g. JavaScript C# Java Ruby SQL).
Analyze and secure modern web application architectures including cloud APIs microservices and client server models.
Identify and address common vulnerabilities including those outlined in the OWASP Top 10.
Support vulnerability remediation patch management and continuous improvement efforts.
Utilize application security testing tools such as SAST DAST IAST and platforms like Accunetix Veracode Jenkins Splunk Rapid7 and Tenable.
Interpret and act on findings from SIEM systems including Splunk.
Apply knowledge of common security controls and frameworks.
Ensure compliance with relevant security regulations and standards (e.g. NIST 800 IRS Pub 1075 PCI DSS).
Implement and evaluate AWS cloud security controls and best practices.
Create maintain and review System Security Plans (SSPs).
Troubleshoot and resolve complex technical and security-related issues.
Stay current with evolving threats technologies and industry trends.
Develop detailed plans and communicate risks impacts and recommendations effectively.
Collaborate with application teams QA engineers and operations teams to integrate security into workflows.
Provide constructive actionable feedback to application teams.
Communicate technical concepts clearly to both technical and non technical audiences.
Work closely with other security analysts and technology teams to support agency and enterprise security initiatives.
Manage multiple tasks prioritize effectively and meet deadlines.
Apply critical thinking to evaluate and mitigate security risks and vulnerabilities.
Required Skills/Experience:
- Five or more years experience in application security.
- Two or more years network or firewall/AWS Security Groups.
- Experience with log collection vulnerability scans and remediation or privileged access management.
- Strong understanding of security concepts network protocols and threat vectors.
- Proficiency in SIEMIDS/IPS EDRand other relevant security tools.
- Excellent analytical and problem-solving skills.
- Strong communication collaboration and documentation skills.
- Ability to work independently and as part of a team in a fast-paced environment.
Have experience and a strong knowledge of the following:
- Splunk Insigh tVM Rapid7 Tenable CyberArk Jenkins Veracode
- Linux and Windows Operating Systems Baseline hardening of operating systems
- IIS and Apache Scripting Languages and SQL PowerShell Firewall
  
  At least one of these certs below is REQUIRED:
  - CompTIA Security
  - ISC2 CC (Certified in Cybersecurity)
  - Offensive Security Certified Professional (OSCP)
  - CCSP (Certified Cloud Security Professional)
  - CSSLP (Certified Secure Software Lifecycle Professional)
  At least one of these certs below is highly DESIRED (Independently and or with one of the above)
  - AWS Solutions Architect (Associate/Professional)
  - AWS Security Specialty
  At least one of the any is DESIRED
  - CompTIA PenTest
  - Certified Ethical Hacker (CEH) GIAC Certified Intrusion Analyst (GCIA

Required/Desired Skills

Skill	Required /Desired	Amount	of Experience
Application Security	Required	5	Years
Network or Firewall/AWS security Groups	Required	2	Years
Infrastructure as Code (IaC): Advanced proficiency in Terraform for multi-account landing zones and automated provisioning.	Required	2	Years
Experience with log collection vulnerability scans and remediation or privileged access management	Required	4	Years
Proficiency in SIEM IDS/IPS EDR and other relevant security tools.	Required	4	Years
Networking & Hybrid Connectivity: Solid understanding of routing firewalls AWS Direct Connect and VPNs in a hybrid cloud environment.	Required	4	Years
One REQUIRED: CompTIA Security ISC2 CC (Certified in Cybersecurity) Offensive Security Certified Professional (OSCP) CCSP or CCLP. UPLOAD COPY!!	Required	0
CI/CD & DevOps: Experience with GitLab CI/CD Jenkins or AWS CodePipeline for automated secure deployments.	Highly desired	5	Years
Splunk InsightVM Rapid7 Tenable CyberArk Jenkins Veracode	Highly desired	2	Years
Linux and Windows Operating Systems Baseline hardening of operating systems	Highly desired	2	Years
IIS and Apache Scripting Languages and SQL PowerShell Firewall	Highly desired	2	Years
One highly DESIRED (Independently and or with one of the above): AWS Solutions Architect (Associate/Professional) or AWS Security Specialty	Highly desired	0
One of these is DESIRED: CompTIA PenTest Certified Ethical Hacker (CEH) or GIAC Certified Intrusion Analyst (GCIA)	Highly desired	0

Questions

No.	Question
Question1	Commonwealth of Virginia security policies prohibit the use of offshore IT contractors. Do you attest to the fact that your candidate will physically reside within the US for the duration of the assignment
Question2	Please list candidates email address.
Question3	In what city and state does your candidate permanently reside Local Richmond candidates preferred bc of on site requirements. If your candidate is local to Richmond have you (vendor) taken the necessary steps to verify this residency
Question4	This role requires occasional onsite presence (*parking is not provided for contractors). If selected does your candidate agree to this arrangement
Question5	This role is intended to be a 6 month Contract to Hire role. Sponsorship is not available. For this reason the candidate must be interested and eligible for FTE hire after 6 months.
Question6	At least one of these certs is REQUIRED: CompTIA Security ISC2 CC (Certified in Cybersecurity) Offensive Security Certified Professional (OSCP) CCSP (Certified Cloud Security Professional) or CSSLP (Certified Secure Software Lifecycle Professional). To be considered you must upload a copy of their cert under the reference tab. We will not consider your candidate without this!
Question7	At least one of these certs below is highly DESIRED (Independently and or with one of the above): AWS Solutions Architect (Associate/Professional) or AWS Security Specialty. If they have one of these certs please upload under the reference tab in Vector if you want us to consider it. If they do not have these simply put N/A in the skills matrix.
Question8	At least one of the any is DESIRED: CompTIA PenTest Certified Ethical Hacker (CEH) or GIAC Certified Intrusion Analyst (GCIA). If they have one of these certs pls upload under the reference tab in Vector if you want us to consider it. If they do not have these simply put N/A in the skills matrix.