Senior Application Security Engineer

Job Description

Description

SAIC is seeking a skilled and motivated Senior Application Security Engineer to strengthen our cybersecurity team and cater to the evolving needs of our federal customer. As a technical expert in mobile application and API security, you will play a crucial role in identifying vulnerabilities within these systems. Your work will contribute to enhancing the overall security posture of our organization.  Among other tools, technologies, and techniques you will use in your position, you will do the following:

• Mobile Application and API Security Testing: Employ your expertise in mobile application and API security to conduct comprehensive penetration testing exercises. Utilize industry-standard tools and methodologies to identify potential cyber weaknesses in these systems.
• Risk Evaluation and Reporting: Utilize a risk-based approach to evaluate the findings from your penetration testing activities. Craft detailed and insightful reports outlining vulnerabilities, potential exploits, and recommended remediation strategies.
• Collaboration and Technical Assessment: Collaborate closely with cross-functional teams, including system administrators and Information System Security Officers (ISSOs). Offer technical assessments of mobile applications and APIs across all layers of the technology stack. While deep expertise in all domains is not mandatory, a solid understanding of how different layers interact is crucial.
• Engagement with Stakeholders: Engage with system admin teams and ISSOs to discuss your findings and ensure a clear understanding of identified vulnerabilities. Your communication skills will be essential in verifying the adequacy of remediation efforts, supporting system administrators in addressing security weaknesses effectively.
• Scenario Design and Testing Strategy: Leverage your knowledge of tactics, techniques, and procedures (TTPs) used by threat actors to design relevant testing scenarios. Your ability to simulate real-world threats will contribute to robust security testing strategies.
• Continuous Process Improvement: Actively contribute to the development of standardized operating procedures (SOPs) for mobile application and API penetration testing. Your input will be valuable in refining and enhancing the efficiency of our testing processes.
• Knowledge Expansion: Stay up to date with the latest trends and developments in mobile application and API security. Continuously build upon your expertise to adapt to emerging threats and evolving technologies.

Qualifications

Required Qualifications:

• Bachelor's degree in an IT-related field and 5 years of related experience; Additional experience in lieu of BS degree.
• Certifications: Possesses at least one professional certification relevant to the technical service provided. Maintain a certification relevant to the product being deployed and/or maintained. Professional certifications must be approved by the FPM or FDPM. Relevant certifications such as Certified Mobile Application Security Tester (CMAST) or similar credentials are a plus.
• Mobile Application and API Security Testing Experience: A minimum of 5 years of hands-on experience in conducting mobile application and API security testing including penetration testing is required. Your deep understanding of mobile and API vulnerabilities, exploits, and countermeasures is crucial to the success of this role.
• Hardening and Remediation: Demonstrated expertise in system hardening and remediation is necessary to effectively guide system administrators in addressing vulnerabilities and implementing security controls.
• Familiarity with industry-standard tools and methodologies for mobile application and API security testing.
• Strong analytical skills to assess risks and vulnerabilities in complex systems.
• Communication Skills: Excellent written and verbal communication skills are indispensable. You will be responsible for preparing detailed reports and effectively communicating findings and remediation guidance to both technical and non-technical stakeholders. Your communication prowess will facilitate collaboration and understanding among stakeholders from various technical backgrounds.
• Collaborative Mindset: The ability to work collaboratively within a team environment is essential. You will engage with various teams, including system administrators and ISSOs, to ensure a holistic approach to security.

Preferred Qualifications:

• Proficient with Mobile Application and API Penetration Testing Tools: Possess 3+ years of hands-on experience using standard penetration testing suites tailored for mobile applications and APIs, such as Metasploit, nmap, burp suite, and tools within Kali Linux. Your proficiency in these tools will play a key role in identifying vulnerabilities unique to mobile and API environments.
• Effective Senior Leadership Briefing: Demonstrate a track record of effectively briefing senior leadership on technical matters related to mobile application and API security. With 2+ years of experience in this capacity, your ability to translate complex security findings into actionable insights will be invaluable.
• Flexibility for After-Hours Work: Occasionally, there is the possibility to work after-hours as necessary to accommodate testing requirements and minimize operational impact.
• Active Security Research: Showcase your commitment to staying current with emerging technology trends by actively engaging in security research. Your ability to anticipate new threats and vulnerabilities will contribute to proactive security measures.
• Familiarity with MITRE ATT&CK Framework: Demonstrate familiarity with the MITRE ATT&CK framework, showcasing your understanding of adversary tactics, techniques, and procedures. This knowledge will guide your testing scenarios and ensure comprehensive assessments.
• Collaboration with ISSOs: Highlight your capability to work closely with Information System Security Officers (ISSOs) to align findings with associated security controls. This collaboration ensures that identified vulnerabilities are effectively mitigated.
• Cloud Technology Expertise: Demonstrate a working knowledge of various enterprise technology stacks used to build applications in the cloud. Your understanding of cloud infrastructure will enable you to assess security aspects unique to cloud-based mobile applications and APIs.
• Cloud Platform Experience: Possess working knowledge and practical experience in security testing within cloud platforms, particularly AWS, Azure, and Google Clouds. Your familiarity with these environments will be crucial for assessing the security of cloud-hosted mobile applications and APIs.

Citizenship / Clearance Requirements:

• U.S. citizenship required.
• Government Security Clearance: The ability to obtain and maintain a U.S. government security clearance is essential for this role. Your eligibility to access classified information and work on secure projects is a fundamental requirement.

Overview

SAIC® is a premier Fortune 500® technology integrator driving our nation's technology transformation. Our robust portfolio of offerings across the defense, space, civilian, and intelligence markets includes secure high-end solutions in engineering, digital, artificial intelligence and mission solutions. Using our expertise and understanding of existing and emerging technologies, we integrate the best components from our own portfolio and our partner ecosystem to deliver innovative, effective and efficient solutions that are critical to achieving our customers' missions.

We are approximately 24,000 strong; driven by mission, united by purpose, and inspired by opportunities. SAIC is an Equal Opportunity Employer, fostering a culture of diversity, equity, and inclusion, which is core to our values and important to attract and retain exceptional talent. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $6.9 billion. For more information, visit saic.com. For ongoing news, please visit our newsroom.