AppSec SAST & DAST

• Jobseeker Video Testimonials 
  
• Employee Glassdoor Reviews
  

We are an IT Solutions Integrator/Consulting Firm helping our clients hire the right professional for an exciting long term project. Here are a few details.

Requirements

Job Title: Application Security Specialist – SAST & DAST

Role Overview:

As an Application Security Specialist, you will operate within a Managed Services environment, ensuring the secure development and deployment of applications. You will collaborate with development and infrastructure teams to embed security throughout the DevSecOps lifecycle, leveraging industry best practices and advanced security tools.

Key Responsibilities:

• Adhere to established procedures and Service Level Agreements (SLAs) for DevSecOps services.
  

• Apply in-depth application security engineering principles to support secure development practices, including design and architecture reviews, threat modeling, secure coding, testing, and build processes.
  

• Ensure secure deployment baselines and understand secure application environments and exception handling.
  

• Utilize technology-driven tools to enhance the reliability and efficiency of monitoring and management processes.
  

• Conduct manual and automated security assessments of applications.
  

• Collaborate with development teams on defect triage and remediation based on vulnerability priorities.
  

• Serve as a bridge between application development and infrastructure teams, integrating security practices across operations.
  

• Analyze and investigate application security events, including emerging threats.
  

• Monitor application threat actors and associated tactics, techniques, and procedures (TTPs).
  

Required Qualifications:

• 5–8 years of experience in application security, development, testing, and security operations.
  

• Strong interest and expertise in application vulnerabilities, secure coding, and infrastructure.
  

• Solid analytical and problem-solving skills.
  

• Experience interpreting data from application security tools and monitoring systems.
  

• Knowledge of OWASP Top 10, SANS Secure Programming, and security engineering practices.
  

• Proficiency with DAST tools (e.g., WebInspect, AppScan) and SAST tools (e.g., Checkmarx, Fortify).
  

• Code review experience in languages like .NET, Java, Swift, and Objective-C.
  

• Familiarity with CVSS and vulnerability risk assessment.
  

• Experience integrating security tools into CI/CD pipelines (e.g., Jenkins, Bamboo, TeamCity).
  

• Knowledge of serverless and cloud-based environments.
  

• Experience in penetration testing across mobile, desktop, and web applications.
  

• Experience with container technologies such as Docker and Kubernetes.
  

• Strong communication skills.
  

• Proficiency in scripting languages for automation and complex queries.
  

Preferred Qualifications:

• Bachelor's degree in Computer Science or a related technical field.
  

• Experience in Managed Services with a focus on DevOps, TVM, source code verification, and threat modeling.
  

• Understanding of information security principles, network security, defense strategies, and security technologies.
  

• Ability to identify and assess application-related threat indicators.
  

• Relevant certifications such as SANS Secure Coding, CSSLP, OSCP, or equivalent.
  

Benefits