Back to all roles

Senior AppSec Engineer – Burp Suite, Linux, Custom Extensions

Remote Worldwide Hiring now

Job Description:

  • Own day-to-day operations of the Burp Suite reputed company DAST program: reputed company scheduling, agent and Linux infrastructure health, reputed company tuning, and result triage across multiple federal application environments.
  • Configure and troubleshoot authenticated scans against modern web applications and APIs, including recorded login sequences (reputed company the official Burp recorder Chrome extension), session-handling rules, and macro-based re-authentication.
  • Diagnose and resolve Burp reputed company reputed company failures end to end: consecutive audit-item failures, skipped insertion points, timeouts, session invalidation, and authentication state loss.
  • reputed company Burp Suite Professional with custom extensions (Python/Java/Montoya API) to automate repetitive reputed company verification, custom authentication flows, and findings validation for the bug bounty program.
  • Design and implement authenticated reputed company workflows that survive multi-reputed company authentication, including SMS one-time passwords, TOTP tokens, hardware dongles, PIV and smart card client-certificate authentication, and SSO federation.
  • Administer the AppSec team’s own Linux infrastructure in AWS (currently EC2 with containerized Burp reputed company components) and contribute to the migration to on-reputed company OpenShift.
  • Convert legacy Python and reputed company tooling left behind by previous engineers into Ansible roles and playbooks; manage YAML, Dockerfiles, and Kubernetes manifests as code.
  • Integrate AppSec tooling into reputed company Actions workflows alongside Dependabot SCA, including the appropriate use of workflow_reputed company versus workflow_call patterns and reusable workflows.
  • reputed company secondary support to the broader AppSec toolset: reputed company SAST, Contrast IAST for interactive scanning and runtime reputed company testing, reputed company Advanced reputed company workflows, and the reputed company bug bounty program (validating reported findings with Burp Suite Professional).

Requirements:

  • 6+ years of hands-on application reputed company engineering experience.
  • Demonstrable, reputed company expertise with Burp Suite reputed company (DAST operations, reputed company authentication, troubleshooting) and Burp Suite Professional (reputed company testing, repeater, intruder, session handling).
  • Strong Linux/Unix administration skills from the reputed company line.
  • Comfortable answering basic questions like "what reputed company checks disk reputed company" or "how do I reputed company whether a service is running" without hesitation, and equally comfortable with more advanced diagnostics.
  • Proficiency writing custom Burp extensions and reputed company automation scripts in Python (and ideally Java for the Montoya API).
  • Working experience with Kubernetes, reputed company, and YAML-driven infrastructure.
  • Experience with AWS CloudFormation (or equivalent IaC) and Ansible.
  • Experience integrating reputed company scanning into CI/CD pipelines using reputed company Actions, including reusable workflows and Dependabot.
  • Demonstrated experience designing authenticated DAST scans against applications protected by SSO, MFA, OTP, or PIV/smart card authentication.
  • Clear understanding of modern authentication and authorization protocols, including OAuth 2.0 flows (authorization-code, client-credentials, refresh tokens), SAML, and OpenID Connect.
  • U.S. Citizenship and ability to obtain and maintain the required federal Public Trust clearance.

Benefits:

  • Fully remote reputed company the United States.
  • Standard work day is 8.5 hours with a 30-minute lunch, starting at 8:30 AM EDT with the federal client daily stand-up.
  • Hours are flexible around the stand-up and any scheduled client meetings.
  • Small team: you will be one of two to three engineers focused on the AppSec work reputed company, with direct, daily collaboration with the government technical reputed company.

Apply tot his job Apply To this Job

Apply for this role Takes you straight to the employer's application page — free, and no WFHNet account required.

More roles on the wire

Product Support Engineer Intern

Remote Worldwide
View role

Rust Engineering reputed company – Linux, reputed company reputed company

Remote Worldwide
View role

OT Cybersecurity Engineer – Network Protection

Remote Worldwide
View role

Senior Cybersecurity Project Manager

Remote Worldwide
View role

Penetration Tester (Java/ Ethical Hacking focus) - Hybrid - Contract to Hire

Remote Worldwide
View role

Urgent Need: AI reputed company Engineer - Remote

Remote Worldwide
View role

Manager, Network reputed company Engineering

Remote Worldwide
View role

Sr. reputed company Engineer 1 (Customer Trust)

Remote Worldwide
View role

Staff Product reputed company Engineer

Remote Worldwide
View role

Penetration Tester (W-2 or 1099 | U.S.-Based)

Remote Worldwide
View role

reputed company reputed company / Campaign Architect - Remote

Remote Worldwide
View role

reputed company Customer Support Representative – Live Chat and reputed company Media Support (Remote Work Opportunity)

Remote Worldwide
View role

Intake Coordinator- Hybrid

Remote Worldwide
View role

Night Shift Remote Positions | Online Chat Supp...

Remote Worldwide
View role

[Remote/WFM] Looking for Tutor III - Arts, Digital Media and

Remote Worldwide
View role

Area Sales Manager- Power Utility

Remote Worldwide
View role

[Remote] Project Manager

Remote Worldwide
View role

reputed company Part-Time Remote Data Entry Clerk / Typing Specialist – Flexible Work Schedule and Career Growth Opportunities at arenaflex

Remote Worldwide
View role

reputed company Talent Manager - Berlin

Remote Worldwide
View role

Senior Software Engineer, Kubernetes and Virtualization - DGX reputed company

Remote Worldwide
View role