Application Security Engineer (683972)
About the Opportunity
- We are only considering US Citizens and Green Card holders for this position. We are unable to sponsor for this role.
- We are only considering local candidates who currently reside within 45 minutes of postal code 17110
- No Third Party Agencies
- $61 per hour 1099, W2 + Benefits Rate Available
- 100% Work From Home in Harrisburg, Pennsylvania
- Job Id: OST-683972
- Must be able to provide proof of COVID-19 vaccination plus booster shot
- Contract Term: Till end of the 2022 fiscal year with yearly extension based upon performance
Short Description
The Commonwealth of Pennsylvania’s Office of Administration, Office for Information Technology (OA/OIT) Enterprise Information Security Office (EISO) is seeking an Application Security Engineer to provide assistance in conducting vulnerability scanning of new and existing applications. The ideal candidate will have 2+ years of experience with application testing tools and static and dynamic analysis.
* Note: This position is currently work from home, but at some time in the future, the selected candidate may be required to work on-site in Harrisburg, PA.
Required Skills/Years of Experience
- Bachelor’s degree in IT or related field or equivalent experience
- 2+ years of application testing tools and static and dynamic analysis
- 1+ years of proven experience in identifying and exploiting business logic and framework related vulnerabilities in removing false positives, and analyzing dynamic scans
- 1+ years of ability to clearly articulate findings from tests and apply findings to Commonwealth policy
- 1+ years of knowledge of secure SDLC, CI/CD and Security standards (OWASP application security verification standard, NIST and CWE)
- 1+ years of practical experience with a scripting language (.NET, Java, SQL, etc.)
- 1+ years of program management
- 1+ years of Microsoft Office (Word, Excel, PowerPoint, Visio and Project)
Desired Skills/Years of Experience:
- ISC2 Certified Secure Software Lifecycle Professional (CSSLP)
- Certified Authorization Professional (CAP)
- Certified Application Security Engineer (CASE)
Complete Description
The Commonwealth of Pennsylvania’s Office of Administration, Office for Information Technology (OA/OIT) Enterprise Information Security Office (EISO) is seeking an Application Security Engineer to provide assistance in conducting vulnerability scanning of new and existing applications. The ideal candidate will have 2+ years of experience with application testing tools and static and dynamic analysis.
The Application Security Engineer will be tasked to:
- Provide assistance in conducting vulnerability scanning of new and existing applications
- Report directly to and take direction from the EISO Program Manager
- Participate in planning sessions with vulnerability staff
- Assist the EISO staff as needed in coordination efforts across independent scanning efforts at the Enterprise and at other business units and agencies
- Create reports and recommendations from your findings, including the security issues and the associated risks with those findings
- Provide recommendations for security related findings and how to mitigate risks associated with those findings
- Demonstrate excellent communication skills to work smoothly with both technical and business leadership
Hiring Expectations
- We are only considering US Citizens and Green Card holders for this position. We are unable to sponsor for this role.
- No Third Parties
- Right to Represent authorization is required
- Expect technical interview screening
- Expect F2F interview
- Background check and/or credit check will be required