Lead Application Security Engineer

Job Summary

Driving the dynamic application security testing (DAST) program for a federal civilian client, the full-time Lead Application Security Engineer will manage the Burp Suite Enterprise program, develop custom Burp extensions, and lead technical discussions across teams while working remotely.

Key responsibilities

• Architect and operate the Burp Suite Enterprise program, focusing on scheduled authenticated DAST scanning and failure diagnosis
• Develop and maintain custom Burp extensions to address authentication and validation challenges
• Lead technical discussions with DevOps and platform stakeholders, ensuring alignment and consensus on security solutions

Required qualifications

• 8+ years of experience in engineering/security with hands-on expertise in Burp Suite Enterprise and Professional
• Proven experience in writing or modifying custom Burp extensions using Python/Jython or Java
• Strong command of Linux/Unix with the ability to diagnose system issues from the command line
• Familiarity with Python and Bash scripting, as well as exposure to Ansible and AWS
• Experience integrating security tooling into CI/CD pipelines, particularly with GitHub Actions