Application Security Engineer

This range is provided by Viv Soft. Your actual pay will be based on your skills and experience — talk with your recruiter to learn more.

$/yr - $/yr

Direct message the job poster from Viv Soft

At Viv Soft, we aim to solve complex federal problems using emerging and open technologies in a collaborative and rewarding environment. Viv Soft is a diverse team of strategists, engineers, designers, and creators experienced in building high performance effective softwares, with impactful organizational design and organizational dynamics for software delivery. We build secure Software Factories based on DoD reference designs and NIST Frameworks for Cloud and Dev Sec Ops .

These factories deliver AI/ML Applications, Data Science Platforms, Blockchain and Microservices for DoD, Healthcare and Civilian Agencies

We are seeking an Application Security Engineer to support the modernization of a large‑scale enterprise software development platform. This role focuses on securing CI/CD pipelines, enforcing Dev Sec Ops  best practices, and implementing automated security testing throughout the SDLC. The engineer will work closely with development and platform engineering teams to embed security into reusable templates, Git Hub Actions, and deployment workflows, ensuring applications are built and deployed securely across environments.

• Using Git Hub Advanced security, review security findings of the organization.
• Review, validate, and approve requests to remediate security findings.
• Review, validate, and approve requests to dismiss security findings.
• Collaborate with Federal POC and FDIC security team to create and implement application security processes and standards.
• Identify gaps and design solutions to improve application security at the FDIC.
• Provide guidance to FDIC developers in regard to remediating findings when needed.

• Bachelor’s degree in Computer Science, Engineering, Information Technology, or related field, or equivalent professional experience.
• Experience integrating security tools (SAST/DAST/SCA) into CI/CD pipelines to automate vulnerability scanning.
• Proficient in conducting and interpreting results from:
• SAST (Static Analysis Security Testing)
• DAST (Dynamic Analysis Security Testing)
• Manual Code Review for security flaws
• Deep understanding of the OWASP Top 10 and other common application security attack vectors (e.g., injection, XSS, broken access control).
• Knowledge of security considerations for large, complex enterprise architectures, which may include Cloud Security (AWS, Azure, or GCP), API security, and microservices.

Mid-Senior level

Full-time

Information Technology

IT Services and IT Consulting, Software Development, and Computer and Network Security

• Medical insurance
• Vision insurance
• 401(k)
• Disability insurance
• Paid maternity leave
• Paid paternity leave