Security Engineer/Tester


Security Engineer/Tester


CGI Federal’s Enterprise Solutions Group (ESG) seeks a highly-motivated Application Security Engineer/Tester to join their Cyber Security team. The candidate will join a multi-disciplinary team of security specialists, engineers, project managers and delivery professionals responsible for supporting various Defense and Civilian contracts.

Your future duties and responsibilities:

  • Application security testing techniques, using automated tools and manual testing
  • Creation of exploit proofs of concept
  • Discovery of application security weaknesses, and writing recommendations for preventing or fixing them
  • Analyze and Respond to vulnerability inquiries and vulnerability reports
  • Research and implement new threats and attack vectors that impact web applications and infrastructure
  • Assess new and existing applications and system deployments for vulnerabilities and design flaws, and prioritize remediation efforts based on risk
  • Hands-on experience with one or more tools like BurpSuite, Kali, OWASP ZAP, Fuzzers, MetaSploit, HP Fortify, Checkmarx. Appscan, AppDetective, Netsparker, Nessus is desired
  • Be able to adjust to working in a fast pace environment, multitask and switch between priorities
  • Be able to learn new technologies, security trends and help build new capabilities and services
  • Collaborate with team members on a daily basis, while working on the same projects
  • Follow team’s established processes and procedures, adhere to due dates and deliverable
  • Deliver high quality work at all the time


  • Application development or security experience will be required to perform the role well
  • Knowledge of secure development principles in at least one environment (i.e. Java or .NET)
  • Minimum 2 years experience in system development in technologies like Java, JavaScript, Angular JS, Python, Ruby, .Net, etc.
  • Strong knowledge of security-related best programming practices for J2EE and .NET
  • Experience designing and executing web application security evaluations, solo and as part of a team
  • Knowledge of the SDLC and experience working with development teams (waterfall, Agile, etc.)
  • One or more certifications like CISSP, CEH, Security +, OSCP desired
  • Ability to document and explain risks and vulnerabilities to technical and non-technical stakeholders
  • Knowledge of Microservices and Container Technology such as Kubernetes, Docker, etc. Understand how to implement best security aspects to the above mentioned technologies.


  • AngularJS
  • Java
  • JavaScript
  • Microservices
  • Nessus
  • Python
  • Security Assessment
  • Vulnerability Assessment(IAVA)

How to Apply:

Please apply online at

Visit Site to Apply

Location: Lafayette, LA
Date Posted: August 30, 2021
Application Deadline: September 30, 2021