Application Security Engineer at Santcore Technologies

• Job Location Tysons Corner, VA
• Seniority Mid-Senior Level
• Type Contract

Share on:

Description

Santcore Technologies is seeking a Senior Application Security Engineer for a contract engagement with one of our premier regulatory clients in Tysons, VA.

This role is responsible for planning, coordinating, and implementing application security practices across the full Software Development Life Cycle (SDLC).

The engineer will work hands-on with security testing, vulnerability remediation, DevSecOps integration, tool evaluation, and secure code review enablement to ensure applications meet strong security and compliance standards.

Key Responsibilities Perform security assessments and manual penetration testing using tools such as Burp Suite and other proxy-based testing tools Triage and analyze findings from SAST, DAST, and IAST tools to identify, prioritize, and remediate application security vulnerabilities Integrate application security controls into CI/CD pipelines to support DevSecOps initiatives Support vulnerability remediation by working closely with development and engineering teams Maintain detailed documentation of security findings, remediation plans, and compliance requirements Develop, interpret, and enforce application security policies, standards, and procedures Participate in security compliance and assurance activities Develop and deliver security awareness and technical training for developers and assurance engineers Evaluate, recommend, and onboard new and emerging application security tools and technologies Leverage GenAI-based security tools to scale application security reviews and automate code analysis Evaluate application security capabilities including SAST, DAST, IaC scanning, and secrets detection tools Stay current with emerging security threats, vulnerabilities, and countermeasures Clearly explain common application security issues and remediation guidance to development teams Perform AWS configuration and security reviews to identify misconfigurations and risks Required Qualifications Bachelor’s degree in Computer Science, Computer Engineering, or a related technical field 5+ years of experience in Cybersecurity with a strong focus on Application Security Hands-on experience with SAST, DAST, and IAST tools Strong understanding of AWS security concepts and configurations Deep knowledge of OWASP Top 10 vulnerabilities and remediation best practices Proficiency in at least one programming language: Java, Python, or JavaScript Experience working with CI/CD tools such as Jenkins and GitLab Solid background in security engineering, authentication mechanisms, cryptography, and application security Experience performing application-level and infrastructure-level vulnerability testing and audits Ability to consistently implement and validate security solutions across environments Preferred Software development background Familiarity with GenAI-based security tools Industry certifications such as: GWAPT OSWE Burp Suite Certified Practitioner