We are a values driven organization putting Relationships FIRST. EagleBank is focused on being Flexible, Involved, Responsive, Strong, and Trusted. By prioritizing meaningful connections with our customers, employees, and shareholders, we relentlessly deliver the most compelling, valuable service to our community. EagleBank (NASDAQ - EGBN) was founded to meet the financial needs of local business owners in Maryland, Washington DC, and Northern Virginia. With genuine connections, we provide custom financial solutions, local decision-making, and a deeply-rooted dedication to the community.

EagleBank is committed to being a workplace of inclusion, equity, respect, and acceptance. We celebrate diversity and intentionally seek out opportunities to learn from one another's experience. We believe employees are essential to the building of relationships and we prioritize investing in employee growth and wellbeing. Throughout your EagleBank career, our commitment is to provide you with a variety of competitive benefits, recognition, training and development, and the knowledge that your contribution adds value to the company and our community. Employee involvement is fostered through resource groups, mentorship programs, community service, and scholarship opportunities for continued education. With features including wellness discounts, healthcare premium sharing, employer funding in your HSA account, and 100% 401(k) matching up to 4%, we pride ourselves in the ways we support our internal relationships.

We understand the need to be creative and flexible when it comes to telecommuting and other alternative work arrangements. This position is eligible for 100% remote and will be affiliated with the Silver Spring, MD office.

As the Application Security Engineer you will be providing application security expertise throughout the Software Development LifeCycle (SDLC) as well as being responsible for managing and driving forwards the Application Security Analytics practices. A key part of your role will also involve validating and testing web applications in order to ensure applications meet the requirements of the SDLC Policy and industry best practices. The job will also entail conducting Component Analysis, which is the process of identifying potential areas of risk from the use of third-party and open-source software and hardware components. In addition undertaking threat modelling and conducting periodic penetration testing using best of breed tools, a good understanding of the OWASP Top 10 vulnerabilities and maintaining documentation.

Requirements:

Bachelor's degree in Computer Science or 4 additional years of software development.
• 5+ year's experience with emphasis on application development, application security or related fields.
• 3+ year's experience in application security technologies with knowledge of application security threats. Experience with threat modeling, attack surface analysis, penetration testing, software vulnerability assessments, and understand of software security threat vectors.
• Knowledge of Component Analysis using tools such as OWASP Dependency-Check, Bytesafe Dependency Checker, Patton, PHP Security Checker, etc.
• Knowledge of BURP, MetaSploit, Nessus is a must.
• Some Experience with static and dynamic application security testing.

Required Certifications (at least one from this list):

• Certified Secure Software Lifecycle Professional (CSSLP) from ISC2.
• Certified Application Security Engineer (CASE) from EC-Council.
• GIAC Penetration Tester (GPEN) from SANS Institute.
• GIAC Web Application Penetration Tester (GWAPT) from SANS Institute.
• Certified Penetration Testing Professional (CPENT) from EC-Council.
• Secure Programming Certified Leader (S-CSPL) from SECO Institute.

Preferences:

• Experience as an application security engineer using a suite of tools used for the following:
  • Recon and Information Gathering (e.g. Nmap, NetCat, Spiders, OWASP Zed Attack Proxy).
  • Mapping and Discovery (e.g. Burp Suite with plug-ins)
  • Exploitation of top OWASP vulnerabilities such as SQL Injection, Cross-site Scripting (XSS), Cross-Site Request Forgery (CSRF) attacks, etc. Experience with tools such as MetaSploit, AppScan or WebInspect.
  • Threat modeling using PASTA methodology.
• Knowledge of OWASP Best practices
  • Knowledge of OWASP Testing Guide 4.0
  • Knowledge of OWASP Code Review 2.0
  • Knowledge of Software Component Verification Standard (SCVS).
• Web Application Hacking and Security (W|AHS) from EC-Council.
• Certified Ethical Hacker (CEH) from EC-Council.
• Certified Ethical Hacker Master (CEH-M) from EC-Council.
• Qualified/ Ethical Hacker Certification (Q/EH) from Security University.
• Qualified/ Security Analyst Penetration Tester (Q/PTL) from Security University.
• GIAC Exploit Researcher and Advanced Penetration Tester (GXPN) from SANS. Institute.
• CompTIA Pentest+
• Licensed Penetration Tester (L|PT) from EC-Council.
• Project Management (PMP) certification.

Don't meet all the requirements? We encourage you to still apply if you think you are the right person to join our community. We are always interested connecting with people inspired by our mission and values. If you aren't hired for this position, your resume will remain available for the next year and might be considered for future openings. Note: You can update your resume as often as needed.