Application Security Engineer

Our innovative and growing company is seeking a talented individual to fill the role of an Application Security Engineer to join our dynamic team at Applied Research Associates, Inc (ARA). The AppSec Engineer position holds the responsibility of identifying and reducing security risks in the supported software applications developed in-house. The ideal candidate will consult with other developers and product managers to analyze and propose application security standards, methods, and architectures. This position is located at Eglin AFB, Florida on the Gulf Coast of Florida.

ARA is an employee-owned, international, research and engineering company recognized for providing technically superior solutions to complex and challenging problems.

ARA offers an excellent benefits package that includes:

• 401-K Retirement with employer matching contribution
• Employee Stock Ownership Plan
• Various insurance options including Flexible Spending Plan, Health Savings Account (HSA)
• Paid leave and holidays

Duties:

• Develop security training and guidance to internal and external development teams.
• Provide subject matter expertise on architecture, authentication, encryption, and systems security for support software applications developed in-house.
• Create and maintain artifacts in a protected repository established as the sole source of truth.
• Assess security tools and integrate tools as needed, particularly open-source tooling.
• Assist with assessment activities to improve the technology in use.

Technical:

• Familiar with common security libraries, RMF security controls, common security flows, and vulnerability assessments for C++ applications
• Ability to discover and patch database, GUI, authentication and authorization flaws, and other security vulnerabilities contained in the software applications.
• Experience with Atlassian tools and CI/CD pipeline integration of security assessment and remediation measures
• Experience with CheckMarx, SonarQube, and other application security analysis tools
• Heavy experience with SAST, DAST, OSA, and secure software supply chain is a must

Code Quality:

• Proactively identify and reduce security risks in the supported software applications developed in-house.
• Find and remove outdated and vulnerable code and code libraries.

Communication:

• Consult with other Developers and Product Managers to analyze and propose application security standards, methods, and architectures.
• Handle communications with independent vulnerability researchers and design appropriate mitigation strategies for reported vulnerabilities in collaboration with security teams.
• Educate other developers on secure coding practices.
• Ability to professionally handle communications with outside researchers, users, customers, and organizations.
• Ability to communicate clearly on technical issues.

General Requirements:

• You have a passion for security and open source.
• You have a passion for security software supply chain.
• You have an inquisitive nature for discovery of root cause.
• You have a proactive attitude towards challenges and technology.
• You have a drive and passion for technology and capabilities.
• You employ a flexible and constructive approach when solving problems.
• You're a recognized security expert in multiple specialty areas with cross-functional team experience.
• You provide actionable and contrastive feedback to cross-functional teams.
• You assist in making security architecture decisions for software applications.
• You implement security technical and process improvements.
• You have superior written and verbal communication skills.

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)