Take2 Consulting, LLC · 16 hours ago
Application Security Tooling Engineer (Senior)
Take2 Consulting, LLC is seeking an Application Security Tooling Engineer to design, operate, and continuously improve a defense agency’s application security scanning ecosystem across the software development life cycle. The role involves managing and integrating various security tools to ensure scalable and auditable security controls in regulated environments, while collaborating with senior leaders to optimize workflows and support security policies.
Responsibilities
Deploy, configure, harden, and maintain AppSec scanning tools in on-prem and cloud environments
Manage tool upgrades, plugins, licensing, capacity planning, backup/restore, high availability, and disaster recovery
Establish SLAs/SLOs, monitoring, alerting, and operational runbooks
Integrate security tools into CI/CD pipelines with policy-based gating and risk management
Standardize secure developer workflows, including pull request checks, nightly scans, and release criteria
Develop reusable templates and reference implementations for development teams
Define and tune scanning policies to reduce false positives/negatives, aligning with agency standards
Maintain an auditable vulnerability workflow, including triage, remediation, and documentation
Provide actionable findings with clear remediation guidance and partner with engineering teams on fixing issues
Implement image scanning, runtime detections, admission controls, and policy enforcement in Kubernetes
Produce metrics and dashboards to monitor vulnerability trends, remediation times, and policy compliance
Support compliance and audit activities by providing scan outputs, control mappings, and procedures
Qualifications
Required
Active Secret clearance required
At least 5 years of experience in application security engineering and/or DevSecOps within regulated environments
Hands-on experience with Sonatype (Nexus IQ), Fortify (SCA/SSC), StackRox/Red Hat ACS, and Burp Suite
Strong CI/CD and automation skills, with the ability to develop repeatable integrations and policy gates
Working knowledge of Secure SDLC, OWASP Top 10, dependency risk, SBOM concepts, container/Kubernetes security
Linux administration, networking fundamentals, TLS/cert management, identity integration (SSO/LDAP)
Familiarity with common build systems and languages such as Java/Maven/Gradle, .NET/NuGet, Node/npm, Python/pip
Preferred
Experience with Oracle Cloud Infrastructure
DoD/IC experience with RMF, STIGs, and vulnerability management processes
Familiarity with registries and orchestration platforms such as Harbor, Artifactory, ECR, Kubernetes, OpenShift, Helm
Experience with SIEM/SOAR systems and ticketing platforms like Splunk, ServiceNow, Jira
Relevant certifications, including Security+, CISSP, CSSLP, GIAC, or Kubernetes security certifications