CISSP Jobs - Application Security Engineer, 13699

at Queen Consulting Group, Inc
Location Boston, MA
Date Posted May 21, 2019
Category Default
Job Type Full-time


Position: Application Security Engineer
Location: Boston, MA
Full Time

Must have 1-2 years of application security experience with vulnerability testing and penetration testing! 

Job Description:

We are currently looking for an excellent, well-rounded Application Security Engineer who can thrive on the challenge of supporting a newly built and constantly evolving application security program.


  • The ability to perform in-depth manual/automated application security assessments, threat modeling, and architecture review
  • Identify and implement improvements to application security practices
  • Work closely with product owners, developers, scrum masters, and quality assurance as needed
  • Maintain a vulnerability/remediation tracking database to accurately reflect the current status of our environment
  • The ability to explain complicated vulnerability concepts to all levels of audience

Skills You Will Need Here:


  • Minimum 2 years of work experience in application security
  • Mastery of the OWASP Top 10 with deep knowledge of all other facets of application security vulnerabilities
  • Strong ethics and understanding of ethics in business and information security
  • Experience with application security tools such as Burp, ZAP, Nmap
  • Experience with at least one major commercial vendor tool (Veracode, WhiteHat, Qualys, Black Duck, etc.)
  • The ability to explain complicated vulnerability concepts to all levels of audience


  • 4 years of work experience in application security
  • Bug bounties or responsible disclosure awards
  • Experience working in software development
  • Experience with Application Security scanning tools (e.g., IBM AppScan, HP WebInspect, Acunetix, NTO Spider, Burp Suite Pro)
  • Experience with Static Code Analysis Tools (e.g., IBM AppScan Source, HP Fortify)
  • Experience with web application development (e.g., ASP.NET, ASP, PHP, JSP)
  • Possessing security certifications (CEH, CISSP, OSCP, OSCE)