Job Description

Category
Operations
Position Type
Full-Time/Regular
Job Location
11900 Bournefield Way, Suite 150, Silver Spring, Maryland
Tracking Code
1532-948

EAGLEBANK OVERVIEW:

Eagle Bancorp, Inc., headquartered in Bethesda, MD, was incorporated in 1997 to serve as the bank holding company for EagleBank. Eagle Bancorp is a publicly traded company under the symbol EGBN. EagleBank commenced banking operations on July 20, 1998, and currently operates 20 banking offices: six in suburban Maryland, five in the District of Columbia, and nine in Northern Virginia. The Bank was founded specifically to address the business and personal needs of local business owners. It has been meeting and exceeding those needs for over 20 years, providing custom financial solutions, local access to senior management, quick response, local decision-making, and a deeply rooted dedication to the local community.

Our Mission is to be the most respected and profitable community bank by putting relationships first to the delight of our customers, employees, and shareholders, and by relentlessly delivering the most compelling service and value. EagleBank's Values are: Relationships F·I·R·S·T: Flexible, Involved, Responsive, Strong, and Trusted.

GENERAL SUMMARY:

As the Application Security Engineer you will provide application security expertise throughout the Software Development LifeCycle (SDLC) and be responsible for managing and driving forward the Application Security Analytics practices. A key part of your role will involve validating and testing web applications to ensure they meet the requirements of the SDLC Policy and industry best practices. The job will also entail conducting Component Analysis, which is the process of identifying potential areas of risk arising from the use of third-party and open-source software and hardware components. In addition, the role involves undertaking threat modelling, conducting periodic penetration testing using best-of-breed tools, maintaining a good understanding of the OWASP Top 10 vulnerabilities, and maintaining documentation.

MAJOR DUTIES AND RESPONSIBILITIES:

  • Embed security in all stages of the Software Development LifeCycle (SDLC), namely requirements, design, development, testing and deployment to production.
  • Develop SDLC Building blocks:
    • Secure Coding Guidelines & Checklist
    • Dynamic Code Analysis & Checklist
    • Threat Modelling and Attack Surface analysis
  • Partner with application development teams to understand business needs and develop appropriate application security controls. This will involve working closely with teams to understand current Application Security practices and maturity.
  • Assist application teams with the overall implementation of SDLC requirements within applications, including working within the security parameters of hardened systems.
  • Design, develop, and deploy appropriate application security utilities and frameworks. Create, maintain, and apply reusable application security patterns, frameworks, and best practices, leveraging industry best practices.
  • Foster a culture of secure application development by assisting development teams in adopting secure coding best practices, frameworks and practices to ensure compliance.
  • Perform ongoing application security work to measure, monitor, and roll out continuous improvement. This would include:
    • Software Composition Analysis (SCA).
    • Penetration testing using best-of-breed tools.
    • Maintaining an understanding of the OWASP Top 10 vulnerabilities.
    • Establishing and maintaining documentation through best-practice processes and procedures.
  • Perform other related duties as assigned.

Required Education/Experience:

  • Bachelor's degree in Computer Science, or 4 additional years of software development experience.
  • 5+ years' experience with emphasis on application development, application security or related fields.
  • 3+ years' experience in application security technologies with knowledge of application security threats. Experience with threat modeling, attack surface analysis, penetration testing, software vulnerability assessments, and an understanding of software security threat vectors.
  • Knowledge of Component Analysis using tools such as OWASP Dependency-Check, Bytesafe Dependency Checker, Patton, PHP Security Checker, etc.
  • Knowledge of Burp Suite, Metasploit and Nessus is a must.
  • Some experience with static and dynamic application security testing.

Preferred Education/Experience:

  • Experience as an application security engineer using a suite of tools for the following:
    • Recon and information gathering (e.g. Nmap, NetCat, spiders, OWASP Zed Attack Proxy)
    • Mapping and discovery (e.g. Burp Suite with plug-ins)
    • Exploitation of top OWASP vulnerabilities such as SQL Injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), etc. Experience with tools such as Metasploit, AppScan or WebInspect.
  • Threat modeling using the PASTA methodology.
  • Knowledge of OWASP best practices
  • Knowledge of the OWASP Testing Guide 4.0
  • Knowledge of the OWASP Code Review Guide 2.0
  • Knowledge of the Software Component Verification Standard (SCVS)

Required Certifications (at least one from this list):

  • Certified Secure Software Lifecycle Professional (CSSLP) from ISC2
  • Certified Application Security Engineer (CASE) from EC-Council
  • GIAC Penetration Tester (GPEN) from SANS Institute
  • GIAC Web Application Penetration Tester (GWAPT) from SANS Institute
  • Certified Penetration Testing Professional (CPENT) from EC-Council
  • Secure Programming Certified Leader (S-CSPL) from SECO Institute

Preferred Certifications:

  • Web Application Hacking and Security (W|AHS) from EC-Council
  • Certified Ethical Hacker (CEH) from EC-Council
  • Certified Ethical Hacker Master (CEH-M) from EC-Council
  • Qualified/Ethical Hacker Certification (Q/EH) from Security University
  • Qualified/Security Analyst Penetration Tester (Q/PTL) from Security University
  • GIAC Exploit Researcher and Advanced Penetration Tester (GXPN) from SANS Institute
  • CompTIA Pentest+
  • Licensed Penetration Tester (L|PT) from EC-Council
  • Project Management Professional (PMP) certification
