Title: Application Security Engineer
Location: Rockville, MD or McLean, VA
Target Start Date: ASAP
Type: contract
Pay Rate: DOE
The Senior Application Security Engineer is responsible for designing, implementing, and advancing application security practices across the Software Development Life Cycle (SDLC). This role partners closely with engineering, DevOps, and security teams to identify vulnerabilities, support remediation efforts, evaluate security tooling, and strengthen secure development practices.
The ideal candidate brings strong hands-on application security expertise, experience integrating security into CI/CD pipelines, and the ability to leverage modern automation and GenAI technologies to scale secure code review and vulnerability analysis capabilities.
Key Responsibilities
- Perform application security assessments, manual penetration testing, and vulnerability validation using tools such as Burp Suite and other proxy/security testing tools.
- Analyze and triage findings from SAST, DAST, IAST, IaC, and secrets detection tools to identify, prioritize, and support remediation of security vulnerabilities.
- Partner with engineering teams to integrate security controls and testing into CI/CD pipelines in support of DevSecOps initiatives.
- Conduct secure code reviews and leverage GenAI-enabled security tooling to improve scalability and efficiency of application security analysis.
- Evaluate, recommend, and implement application security tools and technologies, including emerging capabilities related to automated code analysis and cloud security.
- Perform AWS configuration and cloud security reviews to ensure adherence to security best practices and compliance standards.
- Develop and maintain documentation related to security findings, remediation activities, risk assessments, and compliance requirements.
- Contribute to the development, interpretation, and enforcement of application security policies, standards, and procedures.
- Support enterprise security compliance initiatives and participate in audit and risk management activities.
- Deliver security awareness training and educate developers and QA engineers on common application security risks, secure coding practices, and remediation techniques.
- Stay current on emerging threats, vulnerabilities, attack techniques, and security technologies to continuously improve the organization's security posture.
Required Qualifications
- Bachelor's degree in Computer Science, Computer Engineering, Cybersecurity, or a related technical field.
- 5+ years of experience in cybersecurity with a strong focus on application security.
- Hands-on experience with SAST, DAST, IAST, and related application security testing methodologies and tools.
- Strong understanding of OWASP Top 10 vulnerabilities, secure coding principles, and remediation strategies.
- Experience performing manual penetration testing and application vulnerability assessments.
- Proficiency in one or more programming or scripting languages such as Java, Python, or JavaScript.
- Experience integrating security tooling into CI/CD pipelines using platforms such as Jenkins and GitLab.
- Strong knowledge of security engineering concepts including authentication, authorization, cryptography, network security, and secure application architecture.
- Experience with AWS cloud security concepts, services, and configuration reviews.
- Excellent communication skills with the ability to collaborate effectively across engineering and security teams.
Preferred Qualifications
- Background in software engineering or application development.
- Familiarity with GenAI-assisted security tooling and automated code analysis solutions.
- Experience with Infrastructure as Code (IaC) security scanning and secrets management tools.
- Experience conducting infrastructure or application-level vulnerability testing and security auditing.
- Industry certifications such as:
  - GWAPT
  - OSWE
  - Burp Suite Certified Practitioner
  - CISSP
  - CSSLP
- Experience supporting enterprise DevSecOps transformation initiatives.
Technical Environment
- Application Security: SAST, DAST, IAST, Secure Code Review
- Cloud Platforms: AWS
- CI/CD Tools: Jenkins, GitLab
- Security Testing Tools: Burp Suite and related proxy/testing tools
- Programming Languages: Java, Python, JavaScript
- DevSecOps & Automation: Security pipeline integration, GenAI-assisted analysis
Welcome to ConsultNet, a premier national provider of technology talent and solutions. Our expertise spans across project services, contract-to-hire, direct search, and managed services onshore, nearshore, and hybrid. For over 25 years, we have connected thousands of consultants with meaningful roles through a personal, communication-driven approach, partnering with a diverse client base to build high-performing teams and create lasting impact. Our comprehensive service offerings cover a wide range of technology and engineering positions across key markets nationwide. Learn more at www.consultnet.com.
We champion equality and inclusivity, proudly supporting an Equal Opportunity Employer policy. We welcome applicants regardless of Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other status protected by law.