Search for Application Security Engineer roles in the Mid-Atlantic region, preferably fully remote, with experience in SAST tools and CI/CD pipelines, and requiring a bachelor's degree.

Okay, I've searched for Application Security Engineer roles in the Mid-Atlantic region, specifically for fully remote positions, requiring experience with SAST tools and CI/CD pipelines, and a bachelor's degree. I found 45 positions that match your criteria.

Application Security Engineer

Mid-Atlantic

Remote

SAST

CI/CD

Bachelor

Can you help me to analyze the job description and company culture?

Sure. Here's the analysis:

Job Analysis:

The Application Security Engineer role at GuidePoint Security is fundamentally focused on enhancing the cybersecurity posture of diverse organizations by integrating application security within the software development lifecycle. This position includes responsibilities like implementing and troubleshooting static application security testing tools (SAST), collaborating on continuous integration and delivery pipelines, and ensuring secure coding practices across development initiatives. Understanding these responsibilities in context reveals the necessity for teamwork across engineering functions, necessitating effective communication skills and a collaborative mindset to navigate cross-departmental challenges and align security protocols with development processes. Candidates will likely encounter problems related to system vulnerabilities, requiring them to use problem-solving skills to validate and remediate these risks. Success in this role will be marked by the ability to seamlessly integrate security measures into existing workflows, reducing vulnerabilities while enabling efficient development cycles. Ultimately, thriving in this role will demand not only technical expertise in app security but also an adaptable approach to both cooperate with engineering teams and educate stakeholders on security needs.

Company Analysis:

GuidePoint Security occupies a crucial niche in the cybersecurity industry, providing trusted expertise that helps organizations mitigate risk amidst increasing digital threats. As a rapidly growing and profitable company, it serves high-profile clients, including Fortune 500 companies and U.S. government agencies, which positions it as a reliable player in an ever-evolving marketplace. This growth trajectory signals a dynamic environment where employees are expected to embrace innovation and adaptability. The company's emphasis on core values suggests a culture that prioritizes collaboration, mentorship, and respect, shaping an atmosphere conducive to professional growth. As an Application Security Engineer, you will likely find yourself embedded in cross-functional teams, where visibility and communication with leadership are fundamental to aligning security practices with overarching business goals. This role is strategically aligned with the company’s aim to integrate secure practices throughout the development process to support the broader initiative of facilitating secure digital transformation for clients.

Mock up some interview questions based on the job description.

Absolutely. Here are some mock interview questions that could come up:

Tell me about a time when you had to troubleshoot a particularly challenging security vulnerability in an application. What was your approach?
Describe a project where you integrated security practices into a software development lifecycle. What challenges did you face, and how did you overcome them?
Can you provide an example of how you've communicated complex security requirements to non-technical professionals?
What motivated you to pursue a career in application security, and how do you stay updated on trends in the industry?
How would you assess the impact of a newly discovered vulnerability on an existing application? What steps would you take to mitigate the risk?
Describe your experience with various CI/CD tools. How have they influenced your approach to security in development?
What coding languages are you most comfortable with, and how have you used them to automate security processes?
Imagine you are tasked with implementing Snyk for a new client. What steps would you take to ensure it is correctly operationalized?
Why are you interested in working at GuidePoint Security specifically, and how do you align with our core company values?
What do you see as the biggest challenges for application security teams in our current landscape?
Can you give an example of how you've raised security awareness or best practices among development teams?
What questions do you have about how the application security team collaborates with other departments within GuidePoint?
How do you prioritize and handle multiple security assessments and projects at once?

Job Details

Overview Company

Application Security Engineer

GuidePoint Security

6 days ago

Highlight

RemoteFull-time3+ yearsMid

Summary

GuidePoint Security is seeking an Application Security Engineer for the Mid-Atlantic region (Remote in VA, MD, PA, NC, DE, NJ, or DC). The role involves providing trusted cybersecurity expertise, solutions, and services to help organizations minimize risk.

About the Role

As an Application Security Engineer, you will guide organizations in evaluating their security posture and ecosystems. You will work with Snyk's Static Application Security Testing (SAST) tool, understand CI/CD pipeline tools and processes, and have experience in software engineering, ideally full stack development. You will also be responsible for scripting and automation, application security fundamentals, and secure coding practices throughout the Software Development Lifecycle (SDLC).

About You

Required:

Proficiency with the implementation, operationalization, and troubleshooting of Snyk's Static Application Security Testing (SAST) tool.
Understanding of Continuous Integration / Continuous Delivery (CI/CD) pipeline tools and processes (e.g. GitHub Actions, GitLab Runners, Azure DevOps, Jenkins, CircleCI, etc.).
Experience in software engineering, ideally full stack software development, including modern technologies and application architectures.
Strong scripting and automation experience using one or more programming languages.
Solid working knowledge of application security fundamentals including the OWASP Top 10, threat modeling, and implementing secure coding practices throughout the Software Development Lifecycle (SDLC).
Excellent written and verbal communication skills.

Preferred:

Proficiency with the implementation, operationalization, and troubleshooting of other Static Application Security Testing (SAST) tools such as Semgrep, CodeQL, Checkmarx, Veracode, etc.
Experience writing or adapting custom SAST rules (Semgrep or CodeQL).
Familiarity with additional Application Security tools (e.g. Interactive (IAST), Dynamic (DAST) and API security, SCA, etc.).
Familiarity with API Security tools (e.g., NoName, Traceable, Salt, Cequence).
Practical hands-on experience validating vulnerabilities and proficiency with Burp Suite.
Strong working knowledge of Secure Development Lifecycles and experience triaging and remediating technical vulnerabilities identified by web application scanning tools.
Understanding of automated security testing approaches and tools.
Experience in building and operating security tools within CI/CD pipelines.
Experience with proactive integration of security into the development process.
Past experience as an application security practitioner or software engineer.

Benefits

Remote workforce primarily (U.S. based only, some travel may be required for certain positions, working on-site may be required for Federal positions).
Group Medical Insurance options: Zero Deductible PPO Plan (GuidePoint pays 90% of the premium for employees and 70% for family plans) or High Deductible Health Plan with HSA (GuidePoint pays 100% of the employees premiums and 75% for family plans) with a lump sum contribution ($500 per EE annually / $1000 per family annually).
Group Dental Insurance: GuidePoint pays 100% of the premium for employees and 75% of family plans.
12 corporate holidays and a Flexible Time Off (FTO) program.
Healthy mobile phone and home internet allowance.
Eligibility for retirement plan after 2 months at open enrollment.
Pet Benefit Option.

GuidePoint Security

GuidePoint Security provides trusted cybersecurity expertise, solutions, and services that help organizations make informed decisions and minimize risk. Our experts act as your trusted advisor to understand your business and challenges, helping you through an evaluation of your cybersecurity posture and ecosystem to expose risks, optimize resources and implement best-fit solutions. GuidePoint’s unmatched expertise has enabled 40% of Fortune 500 companies and more than half of U.S. government cabinet-level agencies to improve their security posture.

Raleigh, NC