Lead Application Security Engineer

🔥 15 hours ago

⚔️ Virginia – Remote

⚔️ Virginia – Remote

⏰ Full Time

🟠 Senior

💻 Application Engineer

Apply Now

Find Similar Remote Jobs

Receive Emails For Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Upload Resume

phia, LLC

WebsiteLinkedInAll Job Openings

11 - 50 employees

Founded 2011

🔒 Cybersecurity

🏛️ Government

🤝 B2B

Cybersecurity • Government • B2B

<phia, LLC> is a cybersecurity firm that provides cyber assessments, cybersecurity operations, security engineering and development, and advisory services to help clients defend against advanced threats. The company leverages threat intelligence, operations-informed techniques, and industry standards to build resilient solutions and support mission success for its clients and partners.

📋 Description

• Run a Federal Burp Suite Enterprise Program &mdash; Remote Bring your own Burp extensions. • Drive the dynamic application security testing (DAST) program for a federal civilian client operating one of the more complex enterprise environments in government. • Join a four-person skunk-works AppSec team that owns its entire stack end to end. • Architect, operate, and continuously improve scheduled authenticated DAST scanning. • Write and maintain extensions (Python/ Jython or Java/Montoya API) that solve authentication, validation, and workflow problems off-the-shelf tooling can’t. • Lead and drive discussions with DevOps, platform, and identity stakeholders outside the security team. • Administer the team’s Linux servers in AWS (EC2, Cloud Formation), support the migration to OpenShift.

🎯 Requirements

• 8+ years in engineering/security, with deep, recent, hands-on Burp Suite Enterprise and Burp Suite Professional operations • Demonstrated experience writing or significantly modifying custom Burp extensions (Python/ Jython , Java, or Montoya API) • Strong Linux/Unix command-line fluency • Comfortable diagnosing services, disk, memory, and network from a shell, daily Python and Bash scripting; Ansible exposure; experience with Docker/Kubernetes (OpenShift a plus) and AWS • Experience integrating security tooling into GitHub Actions or comparable CI/CD pipelines • Proven technical leadership: you have driven programs or technical decisions across teams and can hold your own • Energetically in a room of senior engineers • An active, visible interest in AppSec and DevSecOps research: you test new techniques, follow the field, and bring ideas to the team unprompted • U.S. citizenship and the ability to complete federal Public Trust vetting (no security clearance required)

🏖️ Benefits

• Medical Insurance • Dental Insurance • Vision Insurance • Life Insurance • Short Term & Long-Term Disability • 401k Retirement Savings Plan with Company Match • Paid Holidays • Paid Time Off (PTO) • Tuition and Professional Development Assistance