Sr. AppSec Engineer/ Architect
Length: 3-months (possible extensions)
Location: onsite 2-3 days/week at client office location Tysons, VA.
Role Requirements:
\\\"Our client is looking for a Sr. level Appsec SME to join their security team as an FTE to become lead for Appsec efforts within the team.\\\"

Reporting to the VP of AppSec/Engineering.

Expectation that Sr. level resources need to be self-managing and proactive in their efforts.

Engagement with the teams (Development / IT / GRC) is critical to being a contributing / valued member. Contributions range from AppSec architecture and roadmap guidance to hands on configuration and tuning of SCA/SAST tooling. Objectives include:
-Day / Day administration of SCA and SAST tooling
-Working with Dev s to ensure vulnerability reports are understood and acted upon
-Being the SME for the DevSec tooling to include AutoRabit (CodeScan SAST); CheckMarx -SAST; sonarcube, Github Dependabot
-Understanding of tooling relationships to coding languages (APEX Salesforce)
-Technology evaluation for upcoming SCA and DAST program(s). What not only aligns as best technical fit, but also within the operational supportability
-Review and contribute during BSIMM assessment / audit
-Present Appsec maturity and status to VP/CISO using past experience to benchmark
-Collaborate with teams (Security Champion program) to advocate Appsec within the Org. Must be able to pivot between Architecture and advisement to hand-on AST tooling. Specific CodeScan / Checkmarx isn t as critical as understanding of concepts and being willing and able to learn the specific technology.
Familiarity with BSIMM Framework API security focus; understanding of mulesoft api gateway with API security detection tooling and Akamai for edge and API security would be a nice to have. CICD Focused.