Senior Java Security Engineer (Job #6259)

Location: Washington
Posted on: February 9, 2025

Job Description:

Work with product teams and product owners to understand and formulate security requirements for large internet-facing, enterprise software applications.

• Serve as SME on application security and collaborate with software development teams to provide technical guidance to implement appropriate security solutions, mechanisms and/or controls that address business requirements.

• Consult on technical security issues/incidents as needed.

• Initiate and conduct manual/automated code reviews (via risk assessments)

• Act as a liaison between software engineers and Information System Security Office (ISSO)

• Conduct and coordinate vulnerability assessments and code-reviews of software application under development

• Conduct risk assessment planning sessions and results read-outs

• Experience writing automated unit tests.

• Experience in performing code reviews.

• Participate in Agile SCRUM activities such as daily standup, sprint planning and retrospective meetings

• Monitor the marketplace for application security related tools, conduct tool analysis and provide recommendations.

Requirements

Must have:

• 7+ years of Java/Enterprise Java development experience

• Expertise with application server technologies, Spring Framework, Spring Security, Web Services (JAX-RS/JAX-WS), REST and Hibernate

• In-depth knowledge of and experience with Java security technologies, Single-sign-on and identity management technologies

• Expertise with web system security concepts, including multi-factor authentication , authorization (RBAC), encryption/hashing, SAML (mandatory), LDAP

• Knowledge of cross-site scripting (XSS), session hijacking, SQL injection, CSRF (Cross-Site Request Forgery), OWASP Top 10, and other attack vectors

Desirable:

• Knowledge of TCP/IP, HTTP/S and related protocols

• Knowledge of network-based, system-level and application layer attacks and mitigation methods

• Experience with static code analysis tools including HP Fortify, FindBugs, PMD

• Knowledge of and experience with agile software development methodologies

• BS in Computer Science or related field

Keywords: , Washington DC , Senior Java Security Engineer (Job #6259), IT / Software / Systems , Washington, DC