Application Security Engineer

Job Description

Application Security Engineer

• Tysons Corner, VA
• Full-time in person from Strategy Office - 5 days per week

Job Description

Join Strategy’s IT Security group as an Application Security Engineer and play a crucial role in safeguarding Strategy’s software applications while using modern security and AI tooling. In this position, you will be responsible for integrating security practices throughout the software development lifecycle, ensuring that our software products are resilient against vulnerabilities.

• Secure SDLC Integration: Work closely with development teams to integrate security into the SDLC, including threat modeling, secure code reviews, and security testing .
• Vulnerability Management: Identify, triage, and remediate security vulnerabilities through static and dynamic application security testing (SAST/DAST) and software composition analysis (SCA ) tools.
• Security Assessments & Penetration Testing: Conduct **** manual and automated penetration testing **** of web, mobile, and cloud applications to detect security flaws.
• Secure Code Review: Analyze source code and provide security recommendations to developers to ensure adherence to secure coding best practices.
• Threat Modeling & Risk Analysis: Perform threat modeling to anticipate potential attack vectors and improve security architecture.
• DevSecOps Enablement: Support and enhance DevSecOps initiatives by integrating security automation within CI/CD pipelines.
• Incident Response & Remediation: Assist in investigating security incidents related to applications and work with engineering teams to remediate threats.
• Security Awareness & Training: Educate and mentor developers on OWASP Top 10, SANS 25, and other security best practices .

Qualifications

• Bachelor's degree in Computer Science, Engineering, or related field
• Minimum 2 years of software development or software security experience in an agile environment
• Hands-on experience with SAST, DAST, IAST, and SCA tools (e.g., Checkmarx, Fortify, Veracode, SonarQube, Burp Suite, ZAP).
• Fluent in one or more programming languages, such as Python, Java, JavaScript
• Strong knowledge of secure coding principles and application security frameworks
• Familiarity with security tools (e.g., static and dynamic analysis tools, vulnerability scanners)
• Understanding of security standards and regulations (e.g., OWASP, NIST)
• Hands-on experience with Generative AI and/or ML in creating innovative applications that enhance productivity and efficiency, coupled with a strong eagerness to learn
• Experience with cloud security best practices in AWS, Azure, or GCP.
• Strong work ethic with a commitment to meeting business needs and effectively collaborating with global colleagues
• Effective interpersonal skills; ability to collaborate successfully with both technical and non-technical stakeholders
• Ability to articulate complex technical concepts with clarity, supported by effective written and verbal communication skills

Qualifications

Additional Information

Strategy is an equal opportunity employer. All applicants will receive consideration for employment without regard to race, creed, color, religion, national origin, gender, sex, sexual orientation, gender identity, disability, veteran status, age, genetic information, or any other legally-protected basis.

Strategy provides reasonable accommodation for qualified individuals with disabilities in the hiring process. If you have any difficulty using our online system and you need an accommodation due to a disability, you may contact us about your interest in employment at application_accommodations@strategy.com.

Visit Strategy’s Careers page for additional information.