Application Security Engineer

Title: Application Security Engineer

Clearance Required: Public Trust

Location: Remote, USA

Position Type: Full-Time

About the company:

At VivSoft, we aim to solve complex federal problems using emerging and open technologies in a collaborative and rewarding environment. VivSoft is a diverse team of strategists, engineers, designers, and creators experienced in building high performance effective softwares, with impactful organizational design and organizational dynamics for software delivery. We build secure Software Factories based on DoD reference designs and NIST Frameworks for Cloud and DevSecOps. These factories deliver AI/ML Applications, Data Science Platforms, Blockchain and Microservices for DoD, Healthcare and Civilian Agencies

Job Summary:

We are seeking an Application Security Engineer to support the modernization of a large-scale enterprise software development platform. This role focuses on securing CI/CD pipelines, enforcing DevSecOps best practices, and implementing automated security testing throughout the SDLC. The engineer will work closely with development and platform engineering teams to embed security into reusable templates, GitHub Actions, and deployment workflows, ensuring applications are built and deployed securely across environments.

Key Responsibilities:

• Using GitHub Advanced security, review security findings of the organization.
• Review, validate, and approve request to remediate security findings.
• Review, validate, and approve request to dismiss security findings.
• Collaborate with Federal POC and FDIC security team to create and implement application security processes and standards.
• Identify gaps and design solutions to improve application security at the FDIC.
• Provide guidance to FDIC developers in regard to remediating findings when needed.

Required Skills:

• Bachelor’s degree in Computer Science, Engineering, Information Technology, or related field, or equivalent professional experience.
• Proficiency in at least one or two major enterprise languages (e.g., Java, .Net, C#, JavaScript) to effectively review code and understand development context.
• Experience integrating security tools (SAST/DAST/SCA) into CI/CD pipelines to automate vulnerability scanning.
• Proficient in conducting and interpreting results from
• SAST (Static Analysis Security Testing)
• DAST (Dynamic Analysis Security Testing)
• Manual Code Review for security flaws
• Deep understanding of the OWASP Top 10 and other common application security attack vectors (e.g., injection, XSS, broken access control).
• Knowledge of security considerations for large, complex enterprise architectures, which may include Cloud Security (AWS, Azure, or GCP), API security, and microservices.