Skills

Python Java JavaScript Network Security Penetration Testing Security Policies and Procedures Burp Suite GitLab CI/CD Jenkins Training Programming AWS Software Development

Job Specifications

Role: Sr. Pentester / AppSec Engineer

Location: Rockville, MD or Tysons Corner, VA

Duration: Long Term

Description:

Plan, coordinate and implement application security practices in each phase of software development life cycle though testing, remediation support, tool evaluation, etc.

This role involves in evaluating security vulnerabilities, security tools, implementing security solutions, and leveraging latest solutions to secure code review capabilities.

Perform security assessments and manual penetration testing using tools such as Burp Suite and other proxy tools.

Triage static (SAST), dynamic (DAST), interactive (IAST) analysis results to identify, prioritize and remediate security vulnerabilities.

Integrate security practices into C/CD pipeline to support DevSecOps initiative.

Maintain documentation of security findings, remediation plans, and compliance requirements

Develop and interpret security policies and procedures Participate in security compliance efforts

Develop and deliver training materials and perform general security awareness and specific security technology training

Evaluate and recommend new and emerging security products and technologies

Leverage GenAI technologies to scale application security reviews and automate code analysis

Evaluate various application security tools/capabilities i.e., SAST,DAST, IaC, Secrets detection tools

Stay current with emerging security threats and countermeasures.

Ability to train or explain the common security issues to raise the security awareness among developers and assurance engineers.

Perform AWS configuration reviews

Qualifications:

5+ years of experience required in Cyber security and application security

Familiarity with SAST, DAST, IAST tools.

Understanding of AWS is required

Deep understanding of OWASP top issues and remediation guidelines.

Proficiency in one or more programming language ( Java, Python, JavaScript is preferred)

Understanding of CI/CD tools such as Jenkins and GITLAB.

Familiarity with GenAI tools is a plus.

Strong experience and detailed technical knowledge in security engineering, system and network security, authentication and security protocols, cryptography, and application security

Candidates with software development background is a plus

Consistent implementation of security solutions

Experience in infrastructure or application-level vulnerability testing and auditing

Certifications like GWAPT, OSWE, Burp Suite Certified Practitioner are good to have

# LI-CGTS

# TS-2505

About the Company

We are a global technology solutions company that powers breakthroughs for the world’s leading organizations. These solutions — digital workplace, cloud, applications & infrastructure, enterprise computing and business process solutions — help people overcome obstacles and not only reach their greatest potential but go beyond it. For more information about how we deliver for our clients, visit https://www.unisys.com/. Know more