Application Security Engineer

Our innovative and growing company is seeking a talented individual to fill the role of an Application Security Engineer to join our dynamic team at Applied Research Associates, Inc (ARA).  The Application Security Engineer position holds the responsibility of identifying and reducing security risks in the supported software applications developed in-house.  The ideal candidate will consult with other developers and product managers to analyze and propose application security standards, methods, and architectures. ARA is a 100% employee-owned company that offers excellent benefits package that includes medical, dental, vision, retirement and more.

This position is located at Eglin AFB, Florida on the Gulf Coast of Florida.

ARA offers an excellent benefits package that includes:


* 401-K Retirement (both Traditional and Roth) with employer matching


* Employee Stock Ownership Plan


* Various insurance options including Flexible Spending Plan and a Health Savings Account (HSA)


* Paid leave and holidays

 Application Security Engineer Duties include:


* Develop security training and guidance to internal and external development teams.


* Provide subject matter expertise on architecture, authentication, encryption, and systems security for support software applications developed in-house.


* Create and maintain artifacts in a protected repository established as the sole source of truth.


* Assess security tools and integrate tools as needed, particularly open-source tooling.


* Assist with assessment activities to improve the technology in use.

Technical:


* Familiar with common security libraries, RMF security controls, common security flows, and vulnerability assessments for C++ applications


* Ability to discover and patch database, GUI, authentication and authorization flaws, and other security vulnerabilities contained in the software applications.


* Experience with Atlassian tools and CI/CD pipeline integration of security assessment and remediation measures


* Experience with CheckMarx, SonarQube, and other application security analysis tools


* Heavy experience with SAST, DAST, OSA, and secure software supply chain is a must.

Code Quality:


* Proactively identify and reduce security risks in the supported software applications developed in-house.


* Find and remove outdated and vulnerable code and code libraries.

Communication:


* Consult with other Developers and Product Managers to analyze and propose application security standards, methods, and architectures.


* Handle communications with independent vulnerability researchers and design appropriate mitigation strategies for reported vulnerabilities in collaboration with security teams.


* Educate other developers on secure coding practices.


* Ability to professionally handle communications with outside researchers, users, customers, and organizations.


* Ability to communicate clearly on techn...