Application Security Engineer

Founded in 2001, WaveStrong is an industry leader in enterprise and cloud information security consulting services. We pride ourselves on our best of breed security solutions and services that span a myriad of government, education and business verticals. Our staff is comprised of both certified technical and business professionals who can help you successfully navigate complexities of planning, design, implementation and management of securing data. Our approach is vendor agnostic giving our customers the freedom to choose the best customized security model for their business.

Requirements

We are looking for an Application Security Engineer with expertise in AppScan to join our cybersecurity team. The ideal candidate should have a strong experience in DAST and SAST including identifying and mitigating security vulnerabilities in applications throughout their lifecycle, and performing security assessments, penetration testing, and vulnerability management to identify and remediate security risks.

Job Description

• 3 plus years of experience in Application Security
• Proficiency in Application Security, with a particular emphasis on DAST, SAST, and penetration testing practices.
• Perform regular security assessments, including static and dynamic code analysis and penetration testing, to identify vulnerabilities and recommend remediation strategies.
• Proven experience using AppScan or similar security testing tools (e.g., Burp Suite, OWASP ZAP).
• Ensure applications comply with industry standards and regulations such as OWASP Top Ten, PCI-DSS, and GDPR.
• Hands-on experience with automating security testing within CI/CD pipelines.
• Excellent problem-solving skills with the ability to conduct in-depth security analysis.
• Strong communication and interpersonal skills for interacting with technical and non-technical stakeholders.
• Develop and support integration and automation within security, monitoring, reporting, and ticketing platforms
• Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent experience).

Nice to Have:

• Certifications such as CEH, OSCP, GWAPT, or CISSP.
• Experience with cloud security in AWS, Azure, or Google Cloud.
• Knowledge of API security, container security (e.g., Docker), and microservices.