Lead Application Security Engineer
Remote · United States
Job Summary
Lead Application Security Engineer to drive the dynamic application security testing (DAST) program for a federal civilian client. Owns the Burp Suite Enterprise program end-to-end, including architecture, operation, and improvement of authenticated scans, as well as custom Burp extensions and integration with CI/CD pipelines. Leads cross-team discussions with DevOps, platform, and identity stakeholders, administers Linux-based infrastructure on AWS, supports migration to OpenShift, and contributes to security tooling and automation. Requires hands-on Burp Suite Enterprise and Burp Suite Professional experience, strong Linux/Unix skills, scripting (Python/Bash), and leadership experience in AppSec/DevSecOps within a federal context. Must be a U.S. citizen capable of completing Public Trust vetting. Fully remote with a federal client; on-site presence is limited to client team in the field.
Required Qualifications
- 8+ years in engineering/security
- deep, hands-on Burp Suite Enterprise and Burp Suite Professional operations
- configured authenticated scans
- demonstrated experience writing or significantly modifying custom Burp extensions (Python/Jython, Java, or Montoya API)
- strong Linux/Unix command-line fluency
- Python and Bash scripting; Ansible exposure; experience with Docker/Kubernetes (OpenShift a plus) and AWS
- experience integrating security tooling into GitHub Actions or comparable CI/CD pipelines
- proven technical leadership across teams
- active interest in AppSec and DevSecOps research
- U.S. citizenship and ability to complete federal Public Trust vetting (no security clearance required)
Additional Requirements
- U.S. citizenship required
- Public Trust vetting required