Security Engineer - Application Security Testing & Analysis
Company: INSPYR Solutions
Location: Tempe
Posted on: April 1, 2025
Job Description:
Security Engineer (Application Security Testing & Analysis) -
Long Term Project - Tempe, AZ (Hybrid)
Title: Security Engineer (Application Security Testing & Analysis)
Read on to find out what you will need to succeed in this position,
including skills, qualifications, and experience.
Location: Tempe, AZ (Hybrid)
Duration: 6+ months long term project
Compensation: $70-88/hr.
Work Requirements: US Citizen, GC Holders or Authorized to Work in
the U.S.
Key Responsibilities:
Application Security Testing & Analysis:
Conduct DAST scans using Invicti to identify vulnerabilities in
applications.
Conduct SAST scans using Veracode to identify vulnerabilities in
source code.
Conduct SCA scans using Veracode to identify vulnerabilities in
open source components.
Compare SAST and DAST results to ensure comprehensive vulnerability
coverage.
Analyze scan results, identify root causes, and collaborate with
developers to implement effective remediations.
Work with CI/CD pipelines to integrate security testing into DevOps
workflows.
As needed, conduct manual verification and secondary authenticated
scans using Burp Suite to reduce false negatives.
Software Development & Secure Coding Knowledge:
Understand and evaluate vulnerabilities in Java, .NET, Python, and
other application codebases.
Work with development teams to remediate security flaws in source
code and follow secure coding practices.
Provide guidance on OWASP Top 10 and SANS 25 vulnerabilities,
including how they arise, how to exploit them, and how to prevent
them.
Vulnerability Management & Compliance:
Ensure required DAST, SAST, and SCA release and periodic scanning is
occurring and that scans and findings are addressed within SLA.
Review and approve false positives and mitigated-by-design requests
for DAST, SAST, and SCA.
Review and approve SDLC tasks (MME and SbD MUFG processes) for
DAST, SAST, and SCA.
Maintain compliance with NIST, PCI-DSS, FFIEC, SOX, and CIS security
frameworks.
Store and organize security artifacts in archives, following
standardized documentation practices.
Security Collaboration & Process Improvement:
Work closely with developers, DevOps teams, and application owners
to secure software at all stages of SDLC.
Automate security scanning processes and improve reporting
capabilities.
Stay updated on the latest exploitation techniques, security
research, and industry best practices.
Qualifications & Skills:
Education & Certifications:
Bachelor's degree in Computer Science, Cybersecurity, or related
field (or equivalent experience).
Relevant security certifications (e.g., OSCP, OSWE, GWAPT, CEH) are
highly desirable.
Technical Experience:
5+ years of experience in Application Security, Secure Development,
DAST, and SAST.
Hands-on experience with DAST tools such as Invicti (Netsparker),
AppScan, Burp Suite, Acunetix.
Experience with SAST tools like Veracode and Fortify.
Experience performing manual testing with Burp Suite.
Strong knowledge of web security vulnerabilities (OWASP Top 10,
SANS 25, MITRE ATT&CK).
Software development experience in Java, .NET, Python, or similar
languages.
Familiarity with secure software development life cycle (SSDLC) and
CI/CD pipelines.
Experience with cloud security (AWS, Azure, Oracle Cloud) is a
plus.
Scripting skills (Python, Bash, PowerShell) to automate security
tasks.
Soft Skills:
Strong ability to collaborate with developers and provide security
guidance in a constructive manner.
Excellent communication skills, including technical reporting and
vulnerability documentation.
Analytical mindset with a passion for improving software security
and reducing risk exposure.
Our benefits package includes:
Comprehensive medical benefits
Competitive pay
401(k) retirement plan
And much more!
About INSPYR Solutions
Technology is our focus and quality is our commitment. As a
national expert in delivering flexible technology and talent
solutions, we strategically align industry and technical expertise
with our clients' business objectives and cultural needs. Our
solutions are tailored to each client and include a wide variety of
professional services, project, and talent solutions. By always
striving for excellence and focusing on the human aspect of our
business, we work seamlessly with our talent and clients to match
the right solutions to the right opportunities. Learn more about us
at inspyrsolutions.com.
INSPYR Solutions provides Equal Employment Opportunities (EEO) to
all employees and applicants for employment without regard to race,
color, religion, sex, national origin, age, disability, or
genetics. In addition to federal law requirements, INSPYR Solutions
complies with applicable state and local laws governing
nondiscrimination in employment in every location in which the
company has facilities.