[Remote] Lead Application Security Engineer
Note: This is a remote job open to candidates in the USA.

phia, LLC is a Northern Virginia based small business focused on Cyber Intelligence and Cyber Security. They are seeking a Lead Application Security Engineer to drive the dynamic application security testing program for a federal civilian client, overseeing the Burp Suite Enterprise program and ensuring robust application security practices.

Responsibilities
- Run a Federal Burp Suite Enterprise Program
- Architect, operate, and continuously improve scheduled authenticated DAST scanning
- Write and maintain extensions (Python/Jython or Java/Montoya API)
- Authenticate scanning against hard targets
- Verify remediations, kill false positives with evidence
- Lead and drive discussions with DevOps, platform, and identity stakeholders
- Administer the team's Linux servers in AWS
- Support the migration to OpenShift
- Convert legacy Python/shell tooling into Ansible roles and playbooks
- Integrate security tooling into GitHub Actions or comparable CI/CD pipelines

Skills
- 8+ years in engineering/security, with deep, recent, hands-on Burp Suite Enterprise and Burp Suite Professional operations: you have configured authenticated scans, not just reviewed their output
- Demonstrated experience writing or significantly modifying custom Burp extensions (Python/Jython, Java, or Montoya API)
- Strong Linux/Unix command-line fluency: comfortable diagnosing services, disk, memory, and network from a shell, daily
- Python and Bash scripting; Ansible exposure; experience with Docker/Kubernetes (OpenShift a plus) and AWS
- Experience integrating security tooling into GitHub Actions or comparable CI/CD pipelines
- Proven technical leadership: you have driven programs or technical decisions across teams and can hold your own, energetically, in a room of senior engineers
- An active, visible interest in AppSec and DevSecOps research: you test new techniques, follow the field, and bring ideas to the team unprompted
- U.S. citizenship and the ability to complete federal Public Trust vetting (no security clearance required)
- Published Burp extensions (BAppStore or GitHub), conference talks, blog posts, or open-source security tooling
- Experience scripting around OTP/TOTP, PIV, or certificate-based authentication for automated scanning
- Veracode SAST, Contrast IAST, or bug bounty validation experience (HackerOne or similar)
- Prior federal or regulated-environment AppSec work (NIST 800-53 / FISMA familiarity)

Benefits
- Medical Insurance
- Dental Insurance
- Vision Insurance
- Life Insurance
- Short Term & Long-Term Disability
- 401k Retirement Savings Plan with Company Match
- Paid Holidays
- Paid Time Off (PTO)
- Tuition and Professional Development Assistance

Company Overview
phia LLC is a Northern Virginia based small business that was established in 2011. It is headquartered in Fairfax, Virginia, USA, with a workforce of 11-50 employees. Its website is http://phiatech.com.