Description

Evurge Solutions is seeking a Security Software Engineer with the following experience and requirements to test, advise and consult on application security for internal and external web systems and applications.

Verify findings as needed with application development team

Perform manual source code review for security vulnerabilities

Write formal security assessment report for each application

Perform bug hunting/penetration testing, threat modeling, risk analysis and thorough reporting to Security, Dev and Ops teams

Identify and remediate XSS, CSRF, SSRF, RCE and other attack surfaces

Demonstrated ability to meet deliverables, timetables, and deadlines.

Knowledge of current and emerging security and information technology standards and practices.

Experience conducting vulnerability assessments and articulating security issues to technical and non-technical audiences.

Other activities to ensure performance and the information security program

Position Type
Full-time

Location
Chantilly, VA

Qualifications
Understanding of web service technologies such as XML, JSON, SOAP, and REST

Thorough understanding of security methodologies and frameworks like SSDLC, MITRE ATT&CK, NIST CSF and OWASP Testing Guide v4

Strong coding skills in multiple common languages such as C#, Python, Ruby, Perl, Go, PHP and SQL and working knowledge of network and web related protocols TCP/IP, UDP, IPSEC, HTTP/S and BGP

Identify and remediate XSS, CSRF, SSRF, RCE and other attack surfaces

Security compliance regimes: NIST, PCI-DSS, ISO 27000, CIS, etc.

Background in J2EE, web frameworks, and .NET is a plus

Requirements
Must be able to obtain a Public Trust Clearance.

Experience
Hands-on experience working with application security in the realms of smoke testing, error handling, static code analysis, pre-commit hooks, attack mapping, container security, continuous monitoring, authentication, session management and dependency mapping, as well as penetration test tooling like Burp Suite, Metasploit and WebInspect

Vulnerability Management, Threat Vector Analysis, Intrusion Detection and Prevention, Incident Management and Response, Web Application Security, Risk Assessment and Mitigation Methodologies

Proficiency in building and automating efficient and effective scripts from scratch with languages such as Python, Node.js, sh, Perl, etc.

Experience applying knowledge of information security concepts and theories through technical and non-technical methods.

Solid understanding of cyber security threats, risks, vulnerabilities, and attacks, giving insight into threat actor motives, capabilities, and techniques.

Experience with WebInspect, AppScan Source, Fortify, Veracode, Sonatype or Blackduck platform

Knowledge of tools and processes used to expose common vulnerabilities and implement countermeasures is expected.

Education

Any graduate