When you join Verizon
You want more out of a career. A place to share your ideas freely — even if they’re daring or different. Where the true you can learn, grow, and thrive. At Verizon, we power and empower how people live, work and play by connecting them to what brings them joy. We do what we love — driving innovation, creativity, and impact in the world. Our V Team is a community of people who anticipate, lead, and believe that listening is where learning begins. In crisis and in celebration, we come together — lifting our communities and building trust in how we show up, everywhere & always. Want in? Join the #VTeamLife.
We are seeking a highly skilled and motivated Security Engineer to join our Application Security team. This role requires a unique blend of deep expertise in Dynamic Application Security Testing (DAST) methodologies and tools, coupled with strong hands-on experience in Java development. The ideal candidate will be instrumental in integrating security practices directly into our Software Development Lifecycle (SDLC), particularly by establishing, tuning, and operating our DAST program and helping development teams remediate complex security vulnerabilities.
What you’ll be doing…
- Strategy & Implementation: Defining, implementing, and continuously maturing the organization's DAST strategy, integrating automated scanning into CI/CD pipelines (e.g., Jenkins, GitLab CI).
- Tool Management: Selecting, configuring, managing, and maintaining DAST solutions (e.g., OWASP ZAP, Burp Suite Enterprise, or commercial tools like Tenable WAS).
- Scanning & Analysis: Performing comprehensive DAST scans on web applications, APIs, and microservices, analyzing results for false positives and reporting actionable vulnerabilities.
- Custom Scripting & Automation: Developing custom scripts and automation (using Python, Java, or Shell) to enhance DAST coverage, automate testing scenarios, and integrate DAST output with defect tracking systems (e.g., Jira).
- Vulnerability Remediation: Partnering directly with development teams to explain vulnerability root causes, provide secure coding examples, and guide them through the remediation process.
- Code Review: Conducting targeted security code reviews for critical applications, focusing on architectural security flaws and common specific vulnerabilities (e.g., deserialization issues, Spring/Struts security misconfigurations, injection flaws).
- Secure Coding Standards: Developing and promoting secure coding standards, best practices, and associated frameworks.
- Documentation & Training: Creating high-quality documentation and training materials, and running hands-on workshops to elevate the security knowledge of engineering teams.
- Incident Response: Assisting in the investigation and resolution of application security incidents, providing deep technical insight into Java application behavior and potential attack vectors.
- Stay Current: Continuously researching new attack techniques, security trends, and emerging Java-related vulnerabilities.
What we’re looking for...
You'll need to have:
- Bachelor’s degree or three or more years of work experience.
- Three or more years of experience in Software Engineering, Application Security, or a related role.
- DAST Expertise: Deep, hands-on experience managing and operating DAST tools in an enterprise environment, including configuring authenticated scans and handling Single Sign-On (SSO) contexts.
- Java Development: Strong background (2+ years) in professional software development, primarily using Java and common frameworks (Spring Boot, Jakarta EE/JEE).
- Web Technologies: Expert understanding of web application architecture, HTTP protocols, RESTful APIs, and associated security controls (CORS, CSRF, XSS, etc.).
- Vulnerability Knowledge: Expert knowledge of the OWASP Top 10 or CWE/SANS Top 25.
- CI/CD: Experience integrating security tools (DAST, SAST) into automated CI/CD pipelines (e.g., Jenkins, GitLab, Azure DevOps).
- Cloud: Familiarity with securing applications deployed on major cloud platforms (AWS, Azure, or GCP).
Even better if you have one or more of the following:
- Good communication and presentation skills.
- Relevant industry certifications (e.g., CSSLP, OSCP, eJPT).
- Experience with other security testing methodologies (SAST, IAST, Penetration Testing).
- Familiarity with containerization and orchestration technologies (Docker, Kubernetes).
If Verizon and this role sound like a fit for you, we encourage you to apply even if you don’t meet every “even better” qualification listed above.
Where you’ll be working
In this hybrid role, you'll have a defined work location that includes work from home and assigned office days set by your manager.
Scheduled Weekly Hours
40
Equal Employment Opportunity
Verizon is an equal opportunity employer. We evaluate qualified applicants without regard to race, gender, disability or any other legally protected characteristics.