Application Security Engineer

Description

MBL Technologies, Inc. offers a diverse set of management and technology consulting services to Federal government and commercial markets. Our solutions are tailored to support each client’s mission, accounting for their unique needs and operating environments to ensure success. We bring the right people, capabilities, and expertise together to assist our clients with enabling their mission. Together our individual differences drive successful business results.

If you are transitioning from military to civilian life, have prior service, are a retired veteran, or a member of the National Guard or Reserves, or spouse of an active military service member, we encourage you to apply. Please visit our webpage for information on our policies and benefits for the military and veteran community.

Why Work with Us?

• We trust, empower, and believe in our employees to soar to their fullest potential! 
• We offer a robust benefits package (medical, dental, vision, STD, Accident, Life, Hospital Insurance, FSA, HSA, 401K match, professional development stipend, etc.).
• We love to have fun and give back to the community. Community Service and Employee Engagement events are atop our calendar events!

MBL Technologies is seeking an experienced Application Security Engineer to support the security and integrity of enterprise applications within a federal environment. This role will focus on identifying, analyzing, and mitigating application security vulnerabilities through the use of industry-standard tools and best practices, with an emphasis on both Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST).

The ideal candidate will have hands-on experience with Burp Suite Enterprise for DAST scanning and Veracode for SAST analysis, along with a strong understanding of secure coding practices, vulnerability management, and federal security compliance frameworks.

Key Responsibilities:  

• Perform DAST scanning using Burp Suite Enterprise, including configuration, execution, and analysis of scan results. 
• Conduct SAST assessments using Veracode, identifying code-level vulnerabilities and recommending remediation strategies. 
• Analyze and prioritize vulnerabilities based on risk, leveraging frameworks such as CVSS, CWE, OWASP Top 10, WASC, and SANS-25. 
• Collaborate with development, DevOps, and security teams to integrate security into the SDLC and CI/CD pipelines. 
• Provide guidance on secure coding practices and assist developers with vulnerability remediation. 
• Support the implementation and maintenance of IDE security plug-ins and secure development tools. 
• Troubleshoot application and connectivity issues within Linux-based environments. 
• Contribute to the design and implementation of enterprise-wide application security controls. 
• Ensure alignment with federal compliance standards, including NIST 800-53, FIPS, and FedRAMP. 
• Stay current with emerging threats, vulnerabilities, and application security best practices.

 Required Experience Skills & Qualifications:   

• 6+ years of overall Information Technology experience.
• 3+ years of experience supporting SAST, DAST, and IDE plug-in environments using Burp Suite (with emphasis on Burp Suite Enterprise for DAST).
• Experience supporting SAST/DAST environments using Veracode. 
• 3+ years of development experience with Java, Python,. NET, or C#. 
• 3+ years of experience designing and implementing enterprise-wide security controls for applications and systems. 
• Experience with development environments such as Eclipse, JDeveloper, or Visual Studio, including pipeline integration 
• Strong understanding of application security principles and vulnerability frameworks (OWASP Top 10, CVSS, CWE, WASC, SANS-25). 
• Knowledge of federal security and compliance standards (NIST 800-53, FIPS, FedRAMP). 
• 3+ years of experience working in Linux-based environments, including troubleshooting application and connectivity issues. 
• Ability to obtain a security clearance. 
• Bachelor’s degree in Information Technology, Computer Science, or a related field.

 Preferred Qualifications: 

• Experience integrating security tools into CI/CD pipelines.
• Familiarity with container security, cloud environments, or DevSecOps practices. 
• Experience supporting federal agencies or government contracting environments. 
• Strong scripting or automation experience (e.g., Bash, Python).

MILITARY OCCUPATIONAL SPECIALTY CODES (MOS codes):

170A, 170D, 17A, 17B, 17C, 17D, 24B, 25B, 47D, 94F, IT, 17 5309, 6203, 9735, 9740, 9890, 9891    

CORPORATE CITIZEN:

MBL Technologies’ vision is to make a positive difference – for our people, our customers, and our communities. As such, a commitment to service and excellence has been woven into the very fabric of our culture. MBL employees demonstrate a willingness to consistently go above and beyond and strive for excellence in all we do – championing, protecting, and celebrating the core business through the mission, vision, and values. All are expected to be good corporate citizens, supporting one another and internal corporate initiatives to build a stable business platform and ensure lasting company success.

Benefits:

MBL Technologies offers a competitive salary adjusted for candidate qualifications partnered with an industry-leading benefits package. This package includes incentive plans with corporate and individual-based performance bonuses, 401K, PTO, remote work, health and wellness programs, employee discounts, and learning and development reimbursement.

EEO STATEMENT:

MBL Technologies is an Equal Opportunity Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability, or protected veteran status.