Skills

Java JavaScript C# Cloud Security Dynamics GitHub CI/CD Security Testing Training Organization Azure AWS Software Development SDLC .NET GCP Data Science blockchain CI/CD Pipelines Microservices GitHub Actions

Job Specifications

Title: Application Security Engineer

Clearance Required: Public Trust

Location: Remote, USA

Position Type: Full-Time

About the company:

At VivSoft, we aim to solve complex federal problems using emerging and open technologies in a collaborative and rewarding environment. VivSoft is a diverse team of strategists, engineers, designers, and creators experienced in building high performance effective softwares, with impactful organizational design and organizational dynamics for software delivery. We build secure Software Factories based on DoD reference designs and NIST Frameworks for Cloud and DevSecOps. These factories deliver AI/ML Applications, Data Science Platforms, Blockchain and Microservices for DoD, Healthcare and Civilian Agencies

Job Summary:

We are seeking an Application Security Engineer to support the modernization of a large-scale enterprise software development platform. This role focuses on securing CI/CD pipelines, enforcing DevSecOps best practices, and implementing automated security testing throughout the SDLC. The engineer will work closely with development and platform engineering teams to embed security into reusable templates, GitHub Actions, and deployment workflows, ensuring applications are built and deployed securely across environments.

Key Responsibilities:

Using GitHub Advanced security, review security findings of the organization.
Review, validate, and approve request to remediate security findings.
Review, validate, and approve request to dismiss security findings.
Collaborate with Federal POC and FDIC security team to create and implement application security processes and standards.
Identify gaps and design solutions to improve application security at the FDIC.
Provide guidance to FDIC developers in regard to remediating findings when needed.

Required Skills:

Bachelor's degree in Computer Science, Engineering, Information Technology, or related field, or equivalent professional experience.
Proficiency in at least one or two major enterprise languages (e.g., Java, .Net, C#, JavaScript) to effectively review code and understand development context.
Experience integrating security tools (SAST/DAST/SCA) into CI/CD pipelines to automate vulnerability scanning.
Proficient in conducting and interpreting results from
SAST (Static Analysis Security Testing)
DAST (Dynamic Analysis Security Testing)
Manual Code Review for security flaws
Deep understanding of the OWASP Top 10 and other common application security attack vectors (e.g., injection, XSS, broken access control).
Knowledge of security considerations for large, complex enterprise architectures, which may include Cloud Security (AWS, Azure, or GCP), API security, and microservices.

Benefits:

Comprehensive Medical, Dental, and Vision Plans (Healthcare benefits are 100% employer-paid for employees only)
Life Insurance
Paid Time Off (Flexible/Combined PTO, Bereavement Leave, 11 Company Paid Holidays)
401K Retirement Plan with employer match
Professional Development Training Reimbursement

About the Company

Innovating the Public Sector with Cutting-Edge Technologies At VivSoft, we tackle complex public sector challenges with innovative solutions. We're collaborating with business leaders in federal, state, and local governments to drive mission success through DevSecOps, Cloud, AI/ML, and Blockchain Technologies. Our Impact: Transforming federal, state, and local government contracts. Partnering with cutting-edge technology and service providers to solve large-scale problems. Our Team: Our rock star engineers come from leading ... Know more