Mid-level application security engineer

Requirements Must have: - Proficient in the implementation, operationalization, and troubleshooting of Black Duck and Checkmarx - Solid understanding of Continuous Integration / Continuous Delivery (CI/CD) pipeline tools and processes such as GitHub Actions, GitLab Runners, Azure DevOps, Jenkins, and CircleCI - Experience in software engineering, ideally with full stack software development leveraging modern technologies and application architectures - Strong scripting and automation skills in one or more programming languages - Comprehensive knowledge of application security principles including the OWASP Top 10, threat modeling, and secure coding practices throughout the Software Development Lifecycle (SDLC) - Excellent verbal and written communication skills - Familiarity with additional Static Application Security Testing (SAST) tools like Semgrep, CodeQL, Veracode is a plus - Experience in customizing SAST rules and working with other Application Security tools such as IAST, DAST, and API security - Practical experience validating vulnerabilities and proficiency with Burp Suite - Strong understanding of Secure Development Lifecycles and ability to triage and remediate vulnerabilities identified by web application scanning tools - Knowledge of automated security testing methods and CI/CD integration of security - Prior experience as an application security practitioner or software engineer - Bachelors degree in a relevant field or equivalent experience - 3-5 years of experience in security engineering within the Information Security sector Responsibilities: - Implement and operationalize Black Duck and Checkmarx to enhance security measures - Utilize CI/CD pipeline tools to streamline security practices - Engage in full stack software development with an emphasis on security best practices - Develop scripts for automation to optimize security processes - Apply application security fundamentals to ensure secure coding throughout the SDLC - Communicate effectively with team members and stakeholders regarding security protocols - Explore and implement additional SAST tools to strengthen application security - Customize SAST rules and assess other Application Security tools for effectiveness - Validate vulnerabilities utilizing tools like Burp Suite and implement remediation strategies - Contribute to the integration of security in development processes through collaborative efforts - Stay informed on automated security testing methods and their application in CI/CD pipelines Company: At GuidePoint Security, we are dedicated to delivering trusted cybersecurity expertise, solutions, and services to enable organizations to make informed decisions while minimizing risks. Since our establishment in 2011, we have grown to over 1,200 professionals and serve more than 6,200 customers, including Fortune 500 companies and U.S. government agencies. We pride ourselves on our strong core values that shape our collaborative and supportive workplace atmosphere. We offer an array of benefits, including remote work options, competitive health insurance plans, a flexible time off program, and more, making this an exceptional opportunity to grow professionally in one of the fastest-growing companies in the nation.