Security Software Engineer
Ref No.: 18-00111
Location: Rockville, Maryland
Position Type: Contract
Major Purpose:
The Senior Application Security Engineer (Web Application Firewall – WAF) is responsible for designing, operating, and supporting application-layer security controls that protect and defend applications during runtime.
Essential Job Functions:
  • Provide guidance to SOC personnel on basic security event triage and handling.
  • Perform security event handling.
  • Tune WAF and other security controls to optimize detection of legitimate issues while minimizing false positives.
  • Coordinate with application-specific security SMEs where application-specific knowledge is required.  
Other Job Functions:
  • Perform other duties and responsibilities as assigned.
Essential Education/Experience Requirements:
  • Bachelor of Science in Computer Science, or equivalent education or experience.  Emphasis in application security a plus.
  • 2+ years of experience with WAF. This includes deployment, operation, administration, and support. Experience with AWS-based WAF solutions (e.g., SecureSphere or F5 running in AWS) and Software as a Service (SaaS) based WAF solutions (e.g., Cloudflare, Incapsula) is a strong plus.
  • 2+ years of experience with common Web/App Servers (e.g., IIS, Apache, Nginx, Node.js, Tomcat).
  • Strong understanding of OWASP top 10, DoS, and common application-layer attacks.
  • Good understanding of TCP/IP and basic networking concepts.
  • Good understanding of common web application architectures.
  • Familiarity with common programming languages and technologies (e.g., PHP, Java, HTML, JavaScript, RegEx, REST).
Other Desirable Experience:
  • Run-time Application Self-Protection (RASP) solutions.
  • Amazon Web Services (AWS) fundamentals and security (e.g., cloud computing, AWS security concepts including AWS access control and management, governance, logging, and encryption methods)
  • Development Operations (DevOps) methodologies and tools, including agile development and deployment with an emphasis on Continuous Integration/Continuous Delivery (CI/CD)
  • Financial services industry (e.g., Insurance, Banking, Investments)