Grindstone is an innovative, Minority Owned Small Business specializing in providing cutting-edge solutions to businesses and government agencies in the Mid-Atlantic region. We are looking for an Application Security Engineer. If interested after reviewing the description below, please apply and someone from the Grindstone team will reach out to you.

The Application Security Engineer will support performing Automated and Manual Secure Code Reviews. The candidate will need extensive experience using common source code scanning tools such as Veracode, SD Elements, etc. 

ESSENTIAL FUNCTIONS

• Identify, highlight and provide application / API security requirements and recommendations to the product teams during the architecture and design review phase
• Conduct in-house penetration testing and code review
• Provide consultancy to the product development, engineering & operations teams on technical security issues and remediation
• Take ownership of the application vulnerability management process
• Ensure scan results are analyzed in a timely manner
• Categorize the vulnerabilities as per the defined process
• Ensure that SAST and DAST vulnerability scans run at the scheduled time
• Ensure fixes are applied as per the vulnerability policy
• Track open issues and follow up with different teams to address them

QUALIFICATIONS:

• 5 years of experience as a developer or in application security
• Hands-on experience with different languages like Java, C/C , Nodejs, PHP, etc
• Knowledge of security flaws and their resolution as listed in sites like OWASP, SANS, etc.
• Experience in secure application programming, performing code reviews, and penetration testing
• Knowledge of software design, network architecture, protocols, and standards preferred

EDUCATION

Bachelor’s degree or higher in computer science, Information Technology, Information Security, or similar fields.

SECURITY CLEARANCE:

US Citizen
Public Trust (clearable)