Application Security Engineer

Important Notice for Applicants:

At Bixal, we want to ensure a transparent and secure application process for all candidates. Official communication will come from an email address ending in @bixal.com or from talent@bixal.com. Messages from other sources may be fraudulent, and you should exercise care to avoid any links or attachments included. If you experience any challenges with your submission, please contact us at talent@bixal.com.  We're here to help!

Bixal will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. If you require any accommodation as part of our recruitment process, please contact us at Talent@bixal.com. You can expect a response from a team member within 24 hours during the regular work week and on the next operating day during the weekend or holidays.

About Us:

Bixal is a consulting company based in Fairfax, VA, working alongside governments and organizations to help them deliver better services and experiences to the communities they serve. Using evidence-based knowledge and technology, Bixal empowers clients to deliver on their missions more effectively by fostering a culture of learning and continuous improvement.

Location

This role can work remotely from anywhere in the USA. You must be legally authorized to work in the US. Bixal does not provide visa sponsorship.  

What will you do?

Bixal, a fast-growing agency providing holistic Digital Transformation to clients based in Fairfax VA, is seeking an Application Security Engineer to join our dynamic team. You will provide support to Application Development and Design teams to maintain ongoing production needs as well as create new offerings on federal public facing websites and internal/external digital products.

This is a full-time position contingent on contract award by our client, with a defined performance period of up to three years. This role offers you a unique opportunity to make a meaningful impact on a project that aligns with Bixal’s mission of delivering innovative, human-centered solutions. While the role has a fixed duration, we are committed to transparency and collaboration, keeping you informed about contract updates and new opportunities. At Bixal, we support your professional journey, ensuring your experience reflects our inclusive, purpose-driven culture and prepares you for future success.

• Provide application security expertise, continuous integration, software delivery, software quality, and systems documentation support to digital assets, including the client’s public facing web site, as well as internal software tools
• Work with the Application Development Team to discuss and implement security remediations for web products
• Work closely with Cyber Security and Systems Engineering teams to support compliance, secure baseline development, CVE remediation, and the use of best practices in an AWS FISMA moderate environment
• Provide support to the Application Development Team in configuring and operating continuous integration and delivery (CI/CD) pipelines, incorporating security into build process using tools such as PrismaCloud, and identifying and resolving issues in the build-deploy operation lifecycle
• Use and apply the findings of robust application security monitoring tools, including assisting in the securing and maintenance of the client’s website and internal software tools
• Assist in building a strong technical foundation in build, release, and production using continuous integration tools such as Jenkins
• Engage with various client personnel to understand requirements in order to develop better software for the client and identify new ways in which the development team can easily solve client issues
• Assist the  Application Development team with security focus through participation in daily standup meetings, monitoring, development, and creating issues in the ticket system
• Provide training on a variety of security methodologies, best-practices, and tools along with insight into new technologies and solutions that could help the Application Team and the client at large; and
• Assist in the development of Use Cases, Requirements Definition Documents, User and Administration Manuals, Detailed Design Specifications, and Training Manuals and Plans
• Perform other duties as required

• Bachelor's Degree, at least 4 years of relevant experience.
• Configure, operate, maintain, and monitor various application security tools and services.
• Experience working with vulnerability scanning tools to identify and resolve security vulnerabilities.
• Expertise in integrating security testing in automated continuous delivery pipelines (Jenkins/Travis/Ansible).
• Experience working with a modern web development stack and toolchain.
• Experience working with open source and community solutions.
• Experience in FedRamp IaaS/SaaS.
• Experience with monitoring software dependencies and automating the creation of an SBOM (software bill of materials).
• Collaborate, champion, and mentor software development teams and other stakeholders on secure software development, delivery, and operations.

Perks & Benefits:

Competitive base salary

Flex hours

Work from home flexibility

401K with matching incentive

Parental Leave

Medical/dental/vision benefits

Flex Spending Account

Company provided short-term disability

Company provided life insurance

Commuter benefits

Generous PTO

11 Paid holidays

Professional development opportunities

New business referral bonus

Please note that candidates selected may undergo a background investigation and, if applicable, meet eligibility requirements for suitability.

Bixal is an equal opportunity and affirmative action employer. It ensures equal employment opportunity without discrimination or harassment based on race, color, religion, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity or expression, age, disability, national origin, marital or domestic/civil partnership status, genetic information, citizenship status, veteran status, or any other characteristic protected by law. We are dedicated to promoting diversity, equity, and inclusion within our organization and beyond.