Senior Application Security Engineer

Description

MBL Technologies, Inc. offers a diverse set of management and technology consulting services to Federal government and commercial markets. Our solutions are tailored to support each client’s mission, accounting for their unique needs and operating environments to ensure success. We bring the right people, capabilities, and expertise together to assist our clients with enabling their mission. Together our individual differences drive successful business results.

If you are transitioning from military to civilian life, have prior service, are a retired veteran, or a member of the National Guard or Reserves, or spouse of an active military service member, we encourage you to apply. Please visit our webpage for information on our policies and benefits for the military and veteran community.

Why Work With Us?

• We trust, empower, and believe in our employees to soar to their fullest potential!
• We offer a robust benefits package (medical, dental, vision, STD, Accident, Life, Hospital Insurance, FSA, HSA, 401K match, professional development stipend, etc.).
• We love to have fun and give back to the community. Community Service and Employee Engagement events are atop our calendar events!
• We genuinely like each other and champion everyone to achieve their own greatness!

MBL Technologies is currently hiring for a Senior Application Security Engineer to enhance our application security team. In this role, you will work directly with our security team to support and advance our security initiatives. Your responsibilities will include: 

• Supporting Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and IDE Plug-in environments using Veracode.
• Conducting vulnerability assessments and application security testing with Burp Suite.
• Designing and implementing enterprise-wide security controls to secure applications, systems, networks, and infrastructure.
• Collaborating with development teams using tools such as Eclipse, JDeveloper, or Visual Studio, and integrating security into the development pipeline.
• Ensuring the security of enterprise web applications through a thorough understanding of OWASP Top 10, CVSS, CWE, WASC, and SANS-25.
• Navigating and troubleshooting Linux or UNIX environments, including addressing basic website connectivity issues.

Key Responsibilities:

• Support Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and IDE Plug-in environments using Veracode.
• Utilize Burp Suite for vulnerability assessments and application security testing.
• Design and implement enterprise-wide security controls to secure applications, systems, networks, and infrastructure.
• Work with development environments such as Eclipse, JDeveloper, or Visual Studio.
• Ensure the security of enterprise web applications by applying knowledge of OWASP Top 10, CVSS, CWE, WASC, and SANS-25.
• Navigate and troubleshoot Linux or UNIX environments, including basic website connectivity issues.
•  Collaborate with teams to integrate security controls into the development lifecycle and pipeline. 

Requirements:

• 6+ years of Information Technology experience.
• 3+ years of experience with Veracode, including supporting SAST, DAST, and IDE Plug-in environments.
• 2+ years of experience with Java, Python, .NET, or C#.
• 3+ years of experience with Burp Suite.
• 3+ years of experience in designing and implementing enterprise-wide security controls.
• Familiarity with Eclipse, JDeveloper, or Visual Studio, including pipeline development.
• Knowledge of securing enterprise web applications and familiarity with OWASP Top 10, CVSS, CWE, WASC, and SANS-25.
• Understanding of federal compliance standards, such as NIST 800-53, FIPS, or FedRAMP.
• Ability to obtain a security clearance.
• HS diploma or GED.

Additional Qualifications (Preferred):

• Experience with Interactive Application Security Testing (IAST) capabilities and tools.
• Experience with Selenium for automated testing.
• Proficiency in writing bash scripts.
• Experience with OWASP ZAP or Burp Proxy.

MILITARY OCCUPATIONAL SPECIALTY CODES (MOS codes):

170A, 170D, 17A, 17B, 17C, 17D, 24B, 25B, 47D, 94F, IT, 17 5309, 6203, 9735, 9740, 9890, 9891

CORPORATE CITIZEN:

MBL Technologies’ vision is to make a positive difference – for our people, our customers, and our communities. As such, a commitment to service and excellence has been woven into the very fabric of our culture. MBL employees demonstrate a willingness to consistently go above and beyond and strive for excellence in all we do – championing, protecting, and celebrating the core business through the mission, vision, and values. All are expected to be good corporate citizens, supporting one another and internal corporate initiatives to build a stable business platform and ensure lasting company success.

Benefits:

MBL Technologies offers a competitive salary adjusted for candidate qualifications partnered with an industry-leading benefits package. This package includes incentive plans with corporate and individual-based performance bonuses, 401K, PTO, remote work, health and wellness programs, employee discounts, and learning and development reimbursement.

EEO STATEMENT:

MBL Technologies is an Equal Opportunity Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability, or protected veteran status.