Application Security Engineer

We are seeking a highly skilled and innovative Application Security Engineer to join our team in the greater DMV area supporting the Army National Guard.

Key Responsibilities

• Define application security strategy standards and SDLC integration points; champion secure-by-design practices across engineering and DevSecOps teams.
• Lead threat modeling and secure architecture reviews for applications APIs and microservices.
• Design implement and manage automated security toolchain: SAST DAST SCA IAST secrets management and pipeline gating.
• Triage validate prioritize and manage remediation of application vulnerabilities; coordinate remediation with developers platform and cloud teams.
• Conduct exploit validation root-cause analysis and coordinate incident response for application security events.
• Establish governance for vulnerability lifecycle release security validation and compliance reporting.
• Develop security requirements secure coding guidance checklists and developer training materials; deliver briefings to technical and executive audiences.
• Evaluate emerging application threats and tools; recommend and pilot defensive technologies and processes.
• Produce decisiongrade artifacts: architecture review reports risk assessments security test plans and metrics dashboards.

#ENOCS

Required Qualifications

• Minimum of 12 years with BS/BA; Minimum of 10 years with MS/MA; Minimum of 7 years with Ph.D.
• Clearance: TS/SCI (active)
• Education / Training / Certification: Candidate must meet ONE of the following:
  1. Masters or Ph.D. in Computer Science Cybersecurity Data Science Information Systems Information Technology or Software Engineering; OR
  2. Relevant DoD/Military training documented for application security or enterprise cybersecurity roles; OR
  3. Relevant professional certifications or demonstrated equivalent experience (examples: CISSPISSEP CSSLP GWAPT GIAC application security certs).
• Experience: Minimum 7 years application security/devsecops experience with at least 5 years in senior roles supporting enterprise or mission-critical systems.
• Technical skills: Demonstrated experience with SAST/DAST/SCA/IAST tooling CI/CD integration threat modeling secure architecture reviews vulnerability lifecycle management scripting/programming (Python Java C# JavaScript) and cloud-native platforms (AWS/Azure/GCP).
• Knowledge: OWASP Top 10 NIST SP 800 series RMF/DoD policy and secure coding best practices.

Preferred Qualifications

• Certifications: CISSPISSEP preferred; CSSLP GWAPT GWEP or other GIAC application security certifications desirable.
• Experience with container security API security secrets management and pipeline gating in automated CI/CD environments.

#ENOCS

Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the worlds leading mission capability integrator and transformative enterprise IT provider we deliver trusted highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land sea space air and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day our employees do the cant be done by solving the most daunting challenges facing our customers. Visit to learn how were keeping people around the world safe and secure.