Job details

Application Security Engineer

At phia we hire talented and passionate people who are focused on collaborative, meaningful work, providing technical and operational subject matter expertise and support services to our partners and clients.

phia is seeking an Application Security Engineer to collaborate with a Federal client and thier key stakeholders in maintaining a robust security posture. This remote position offers the flexibility to work from home anywhere within the United States. U.S. citizenship is required with the ability to obtain public trust status. As a member of the Application Security Team, you will tackle complex security challenges, and develop innovative solutions, while having a meaningful impact on national security. If you are passionate about problem-solving, driven by innovation, and eager to contribute to the nation's cybersecurity efforts, we invite you to explore this opportunity.

What You'll Do

Remediate application security flaws in conjunction with the application security team.
Lead security discussions with the application teams to prescribe security best practices within their development lifecycle.
Perform dynamic and static application performance testing, perform security requirements creation or generation level threat modeling leveraging tools, including SD elements, and perform application level testing using applications such as Burp Suite. Work with the latest OWASP frameworks.

Required: Education + Experience

Bachelor's degree in Computer Science, Information Technology, Information Security, or a related field. Additional years of experience may be substituted for a degree.
3+ years of experience with Java, Python, .NET, or C#
3+ years of experience using the design and implementation of enterprise-wide security controls to secure applications, systems, network, or infrastructure services
Experience with Eclipse, Visual Studio, or JDeveloper, including pipeline development
Experience with setting up SAML authentication
Ability to write Amazon CloudFormation Templates (CFT)
Ability to manage MySQL databases
Ability to troubleshoot Linux Nftables and IPTables at the command line

Desired Certifications (one or more)

Secuirity+
AWS Certified Solutions Architect or Developer Certification (AWS)
Cisco Certified Network Associate (CCNA)
Microsoft Certified Solutions Expert (MCSE)
Red Hat Certified System Administrator (RHCSA)
EC-Council Certified Security Specialist (ECSS)

Bonus points if you have:

Experience with one or more of the following technologies: Networking, including CISCO, Juniper, or Palo Alto, operating systems, including Windows Server, Redhat, or Linux, cloud services, including AWS, Azure, Salesforce, Okta, O365, or ServiceNow, or Mobile Technologies, including iOS or Xen Mobile
Experience with designing, building, and implementing automation tools, including Ansible, Chef, or Puppet
Experience with Infrastructure as Code tools, including Cloud Formations or Terraform
Experience with container platforms, including OpenShift
Experience with chaos engineering and blue or green deployments
Experience with Serverless, including Lambda, API Gateway, Step Functions, and SAM
Experience with application performance analysis and monitoring, including ELK
Experience with an Agile release methodology
Experience with securing cloud-based systems
Knowledge of NIST 800 Series Instruction/CNSS Directives/Information Assurance regulations
Knowledge of SDN/SDP and hybrid architectures
Ability to describe the differences between, and develop, various TIC 3.0 documentation
Ability to communicate complex and technical concepts clearly
Ability to compellingly justify security architecture decisions and direction to align others to a common vision

Security Clearance

U.S. Citizenship required
Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; Public Trust determination is required

#LI-LC1

Who You Are

A proactive problem solver that appreciates the challenges of working in a fast-paced, dynamic environment.

Intellectually curious with a genuine desire to learn and advance your career.

An effective communicator, both verbally and in writing.

Customer service-oriented and mission-focused.

Critical thinker with excellent problem-solving skills

If your experience and qualifications aren’t a match for this position, you will remain in our database for consideration for future opportunities that may be a better fit.

Who We Are

phia, LLC is a Northern Virginia-based, small business established in 2011 with a focus on Cyber Intelligence, Cyber Security/Defense, Intrusion Analysis & Incident Response, Cyber Architecture & Capability Analysis, Cyber Policy & Strategy, and Information Assurance/Security. we proudly support various agencies and offices within the Department of Defense (DoD), Federal government, and private/commercial entities.

phia values work-life balance and offers the following benefits to full-time employees:

Comprehensive medical insurance to include dental and vision

Short Term & Long-Term Disability

401k Retirement Savings Plan with Company Match

Tuition and Professional Development Assistance Flex Spending Accounts (FSA)

phia does not discriminate on the basis of race, sex, color, religion, age, national origin, marital status, disability, veteran status, genetic information, sexual orientation, gender identity, or any other reason prohibited by law in the provision of employment opportunities and benefits.

Average salary estimate

$100000 / YEARLY (est.)

min

max

$80000K

$120000K

If an employer mentions a salary or salary range on their job, we display it as an "Employer Estimate". If a job has no salary data, Rise displays an estimate if available.

What You Should Know About Application Security Engineer, phia, LLC

Join phia as an Application Security Engineer in Washington, DC, where innovation meets national security! In this exciting remote role, you’ll be supporting a Federal client while making a significant impact on safeguarding our nation's cybersecurity. If you thrive on solving complex security challenges and embrace creative problem-solving, this position is crafted for you. You will work hand-in-hand with the Application Security Team to remediate application security flaws and lead discussions to ensure best practices are embedded in the development lifecycle. Moreover, you’ll perform dynamic and static application testing using cutting-edge tools like Burp Suite and apply your expertise with the latest OWASP frameworks. Your background in Java, Python, .NET, or C# will be your toolkit as you engage in a variety of security tasks that are crucial for maintaining a robust security posture. At phia, you’ll enjoy the flexibility of working from home, anywhere in the U.S., while being part of a passionate team that prioritizes collaboration and meaningful contributions. A Bachelor’s degree in IT or related fields along with three years of relevant experience is needed, but we’re open to candidates with additional experience too. If you’re ready to step up your career and make a real difference in the world of application security, we can’t wait for you to apply and join us at phia!

Frequently Asked Questions (FAQs) for Application Security Engineer Role at phia, LLC

What does an Application Security Engineer do at phia?

As an Application Security Engineer at phia, you will be responsible for remediating security flaws in applications, conducting dynamic and static testing, and championing security best practices throughout the development lifecycle. Collaborating with application teams will be a regular part of your role as you help enhance their security measures and ensure a robust security posture.