SourcePro Search is conducting a search for an experienced Senior Application Security Engineer in Washington, DC.
The ideal candidate will serve as subject matter expert integrating secure design for applications and services within the system development lifecycle.
This position collaborates with business units, project management, and engineering teams to deliver secure solutions.
Qualified candidates will have a background in cybersecurity or systems engineering.

What You'll Do:

• Perform security architecture and design reviews of applications and services;
• Integrate security tasks and activities into system development methodologies (e.g. planning, design, implementation, operations, maintenance, and disposal);
• and Perform validation of security controls to ensure consistency with industry standard methodologies.

In addition, the Senior Application Security Engineer will be expected to have experience with the following areas of responsibility:

• Partner with engineering on development, implementation, and monitoring of security controls for the protection of applications, services and highly sensitive data;
• Perform vendor technical solution acceptance verification and validation;
• Develop technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks;
• Assess gaps in existing policy and propose amendments to existing policy or new policy to address these gaps;
• Write comprehensive reports including assessment-based findings, outcomes and propositions for further system security enhancement;
• Building threat models for enterprise applications to identify attack vectors and threats;
• Collaborate with engineers, consultants and leadership to address security risks and provide mitigation recommendations within SDLC;
• Provides guidance and support to self-testing, security control assessment, preparation of remediation plans, and development of continuous monitoring plans.

What You'll Bring:

• Have minimum of 10 years’ experience (preferred);
• 8 years of experience with cybersecurity or information assurance (required);
• BS degree in Computer Science or related field (required);
• Strong communication skills with ability to articulate and translate security and risk management terminology in business terms;
• Thorough understanding of the latest security principles, techniques, and protocols;
• Detailed technical knowledge of cloud security, application security, mobile security, and secure development methodologies;