**Application Security Engineer (Senior)** *Role requires presence in the **DMV area** , with **3 days onsite per week*** **Critical:** + Senior‑level **Application Security Engineer** role with a **primary focus on web application penetration testing** . + **Web app pen testing is 100% required** and is the core responsibility of the role. + Works closely with **software engineering teams** throughout the development lifecycle, performing penetration testing against all application code. + Strong hands‑on expertise with **Burp Suite** , including **custom workflow creation and plugin development** , is critical. + Responsible for **triage and analysis of SAST and DAST findings** , requiring strong **code comprehension skills** . + Must be able to read and understand code across multiple languages, with **Java and Python** as the primary focus. + Candidates will be evaluated on **code comprehension and vulnerability identification** through practical exercises. + Preferred certifications include **OSCP** and strong Burp Suite experience. **Overview:** The main function of **Senior Application Security Engineer** is to plan, coordinate and implement application security practices in each phase of software development life cycle though testing, remediation support, tool evaluation, etc. This role involves in evaluating security vulnerabilities, security tools, implementing security solutions, and leveraging latest solutions to secure code review capabilities. **Job Responsibilities:** + Perform security assessments and manual penetration testing using tools such as **Burp Suite** and other proxy tools. + Triage static (SAST), dynamic (DAST), interactive (IAST) analysis results to identify, prioritize and remediate security vulnerabilities. + Integrate security practices into CI/CD pipeline to support DevSecOps initiative. + Maintain documentation of security findings, remediation plans, and compliance requirements + Develop and interpret security policies and procedures Participate in security compliance efforts + Develop and deliver training materials and perform general security awareness and specific security technology training + Evaluate and recommend new and emerging security products and technologies + Leverage GenAI technologies to scale application security reviews and automate code analysis + Evaluate various application security tools/capabilities i.e., SAST, DAST, IaC, Secrets detection tools + Stay current with emerging security threats and countermeasures. + Ability to train or explain the common security issues to raise the security awareness among developers and assurance engineers. + Perform AWS configuration reviews **Qualifications:** + Bachelor's degree in a technical field such as computer science, computer engineering or related field required + 5+ years of experience required in Cyber security and application security + Familiarity with SAST, DAST, IAST tools + Understanding of AWS is required + Deep understanding of OWASP top issues and remediation guidelines. + Proficiency in one or more programming language (Java, Python, JavaScript is preferred) + Understanding of CI/CD tools such as Jenkins and GITLAB. + Familiarity with GenAI tools is a plus + Strong experience and detailed technical knowledge in security engineering, system and network security, authentication and security protocols, cryptography, and application security + Candidates with software development background is a plus + Consistent implementation of security solutions + Experience in infrastructure or application-level vulnerability testing and auditing + Certifications like GWAPT, OSWE, Burp Suite Certified Practitioner are good to have ManpowerGroup is committed to providing equal employment opportunities in a professional, high quality work environment. It is the policy of ManpowerGroup and all of its subsidiaries to recruit, train, promote, transfer, pay and take all employment actions without regard to an employee's race, color, national origin, ancestry, sex, sexual orientation, gender identity, genetic information, religion, age, disability, protected veteran status, or any other basis protected by applicable law.