Leveraging cloud computing, distributed systems, and big data processing and analytics tools, USTAS Technologies, Inc. delivers service-oriented solutions to industry-leading organizations and agencies.

Application Security Engineer

Rockville, MD

Major Purpose:
The Application Security Engineer (ASE) is responsible for monitoring, analyzing, verifying, and reporting on the security of the organization's applications and systems. The ASE has responsibility for security operations and risk management, and ensures that security risks to the organization's systems are known, evaluated for significance, communicated, and addressed through effective application of security controls and processes.

Essential Job Functions:
Assess and monitor applications for security vulnerabilities. The ASE is responsible for applying appropriate tools and techniques to identify vulnerabilities in software and systems.
Investigate, triage, track, and promote the timely resolution of known security exposures.
Monitor and maintain security controls to ensure effective operation. This may include administration of diverse tools such as web application firewalls, GRC tools, and data encryption solutions.

Other Job Functions May Include:
Research information security products and technologies.
Prepare and deliver written and verbal communications in a professional and persuasive manner. This may include security assessment reports, status reports, etc.
Advise internal clients on appropriate application of existing security services to solve problems or enable new business opportunities.
Perform other duties and responsibilities as assigned.

Education/Experience Requirements:
Bachelor of Science in Computer Science, Information Technology, or related field; concentration in information or software security a plus.
Three years' professional experience in successfully executing the essential job functions of this position. Advanced degree may be considered to partially meet this experience requirement.
Professional technical experience working with a substantial segment of the following tools, technologies, and processes to promote, monitor, analyze, and validate IT system security:

Highly Desirable:
Execution of a successful vulnerability monitoring and management program, to include risk identification, risk evaluation/triage, consensus building where needed, reporting and communication, and remediation verification.
Web application vulnerability assessment tools such as AppScan, WebInspect.
Code security assessment tools such as Fortify.
Development languages/environments such as C#/.NET, J2EE, including familiarity with their native security services and common deficiencies. Demonstrable professional experience as a software developer in these technologies is a significant plus.
Configuration and troubleshooting of continuous integration platforms and build tools such as CruiseControl, Jenkins, Ant, Maven.
Configuration and operation of a professional GRC system, particularly RSAM IT-Risk Management tool.

Also Desirable:
Scripting with Perl or Python as well as client-side technologies such as GWT, YUI, and jQuery.
Configuration and administration of operational security controls, particularly Imperva SecureSphere, Voltage, Vormetric.
Administrative experience with operating systems, particularly Linux and Windows Server.
Excellent technical writing, documentation development, process mapping, and visual communication skills.
Strongly collaborative, with excellent interpersonal and verbal communication skills.
Financial services industry experience a plus.

Working Conditions:
Standard business day in a professional office complex is typical. On-call support for Information Security emergencies with extended hours to resolve issues & emergencies may be expected. Occasional travel may be req
