Application Security Engineer

Booz Allen Hamilton

Quick summary

Work type: On-site
Location: Washington, DC
Salary: $62,000–$141,000 / yr
Posted: 9 days ago
Closes: Aug 1, 2026

Market check

Salary context

Below market

How this pay compares to similar roles

[Chart: salary scale from $46k to $214k, marking this role at $102k and similar roles at $166k, with a shaded band where most similar roles pay.]

This role pays less than 97% of similar roles. Most pay $139,775–$191,637 — the shaded band above. At the midpoint, this role pays about $102k versus about $166k for comparable roles.

Based on 240 similar postings.

Employer

About Booz Allen Hamilton

Booz Allen Hamilton is a management and technology consulting firm that provides analytics, digital, engineering, and cybersecurity solutions primarily to U.S. government agencies and commercial clients. Industry: Management & Technology Consulting

Booz Allen Hamilton currently has 375 open roles on FindRole.

Listed pay typically runs $86,800–$198,000 across 368 roles with salary data.

At a glance

TL;DR · Application Security Engineer

As an Application Security Engineer at a government contractor, you will collaborate closely with application teams to ensure robust security for high-profile applications. Your daily tasks include identifying and remediating security flaws through dynamic and static testing using tools like Burp Suite and SD Elements, as well as conducting threat modeling and creating security requirements. You’ll also lead discussions on best practices within the development lifecycle and work with OWASP frameworks. Ideal candidates have 6+ years of IT experience, proficiency in Java, Python, .NET, or C#, and extensive use of Burp Suite for SAST, DAST, and IDE plug-ins. Familiarity with Veracode, Eclipse, JDeveloper, Visual Studio, and federal compliance standards like NIST 800-53 is essential, along with knowledge of Linux/UNIX environments. Experience with Security Compass SD Elements, OWASP ZAP, or Burp Proxy is a plus.

What you'll do

  • Conduct dynamic and static application security testing using tools like Burp Suite.
  • Lead security discussions to prescribe best practices within the development lifecycle.
  • Remediate application security flaws in collaboration with the application security team.
  • Create security requirements and perform threat modeling at the generation level.
  • Utilize OWASP frameworks and adhere to federal compliance standards such as NIST 800-53.

What we're looking for

  • 6+ years of IT experience with a focus on application security.
  • 3+ years of hands-on experience with Java, Python, .NET, or C#.
  • Proficient in using Burp Suite for SAST, DAST, and IDE plug-in environments.
  • Expertise in designing and implementing enterprise-wide security controls.
  • Knowledge of OWASP Top 10, CVSS, CWE, WASC, and SANS-25 standards.
  • Familiarity with federal compliance standards like NIST 800-53, FIPS, or FedRAMP.

More like this

Similar roles

Application Security Engineer

Booz Allen Hamilton

Fort Meade, MD · 11 days ago · $86,900–$198,000
F5_BIG-IP VMware NSX-T SD-WAN DoD_IL_Clouds Office_365 Teams CI/CD

Application Security Engineer

Booz Allen Hamilton

Fort Meade, MD · 31 days ago · $86,900–$198,000
F5_BIG-IP TLS MUTUAL_TLS PROXY OFFICE_365 TEAMS AWS AZURE CI/CD

Application Security Engineer

Booz Allen Hamilton

Fort Meade, MD · 3 days ago · $86,900–$198,000
Palo_Alto_Next_Generation_Firewalls App_ID User_ID segmentation_policies advanced_security_profiles on-premise_private_cloud_environments CI/CD Kubernetes Terraform AWS Python PostgreSQL Git Docker Prometheus Grafana

Application Security Engineer

Cisco

Remote (Research Triangle Park, NC) · 5 days ago · $128,400–$172,300
AWS Azure GCP Kubernetes CI/CD SAST DAST SCA API security OWASP IAM encryption network security container image hardening vulnerability scanning runtime policy enforcement model protection data protection inference endpoint protection

Sr. Application Security Engineer

SpaceX

Redmond, WA · 2 days ago · $168,000–$230,000
Python C++ Golang C# Web application penetration testing Mobile application development Infrastructure security Bug bounty management Networking CI/CD