Job Description

Title: Application Security Engineer

State Role Title: Info Technology Specialist III

Hiring Range: Commensurate with experience

Pay Band: 6

Agency: Department of Taxation

Location: Main Street Center

Agency Website: https://www.tax.virginia.gov/work-with-us

Recruitment Type: General Public - G

Job Duties

The Virginia Department of Taxation is seeking an Application Security Engineer for the Office of Technology’s Application Security unit to help ensure the protection, confidentiality, integrity, and availability of Virginia Tax information technology resources.

The Application Security Engineer’s purpose is to champion security throughout the Software Development Life Cycle and serve as a key connection point between application and engineering teams and the broader joint security operations teams. The role focuses on proactively documenting, identifying, assessing, and helping mitigate vulnerabilities before they can be exploited, ensuring applications and environments are built and maintained with strong security controls. Responsibilities include reviewing system architectures, developing and maintaining system security plans, guiding teams on secure development practices, and ensuring adherence to security policies and standards. As a security advocate and subject matter expert, the Application Security Engineer empowers application teams to design, deliver, and operate secure applications and environments. The position combines hands‑on technical expertise with the ability to influence engineering practices and promote a security‑first culture across the organization.

The position is located at our Main Street Centre location in Richmond Virginia and has a hybrid schedule consisting of 3 days in the office (Tuesday, Wednesday, Thursday) and 2 days teleworking (Monday and Friday). Candidate must reside within 50 miles of the Richmond office to be eligible for this role.

The anticipated hiring salary is commensurate with experience up to $100,000.

As a member of the Virginia Tax team, you can expect additional benefits such as:

• Job stability and quality of life! Enjoy your work/life balance with flexible schedule options and up to two days of telework per week.
•  12 Paid State holidays on top of vacation, sick, volunteer, and personal leave!
• Comprehensive and affordable  health benefits
• Got student loans? You may be eligible for the  Public Service Loan Forgiveness program
• Participation in the Virginia Retirement System,  VA 457 Deferred Comp, and  more

At Virginia Tax…

We are dedicated, resourceful individuals who strive to exceed our customers’ expectations. Not only do we serve the public, we are the public. We are a part of a community that cares about and celebrates each other, who promote opportunities for growth within a stable environment, and support a healthy work-life balance. 

What we do matters. So do you.

Minimum Qualifications

Experience providing information security guidance and training.

Knowledge and experience with application development and security architecture.

Knowledge of secure coding standards and guidelines and ability to identify security flaws in source code.

Knowledge of vulnerability remediation and patch management for applications.

Experience with SAST, DAST, and IAST security testing tools (e.g., Accunetix, Veracode, Jenkins, Splunk, Rapid7, Tenable).

Knowledge and experience with Web Application Firewalls (WAFs) and AWS Security Groups implementation strategies for application protection.

Experience with and understanding of security information and event management (SIEM) systems (e.g., Splunk, Azure Sentinel, or IBM QRadar).

Knowledge and experience with AWS services (e.g., Security Hub, GuardDuty, Security Groups, Inspector, Config, CloudWatch, S3 Buckets, IAM, CloudTrail, EC2 (Elastic Compute Cloud), CodePiplines, KMS, and Secrets Manager.

Knowledge and understanding of relevant security regulations and standards (e.g., NIST 800-53, IRS Pub 1075, PCI- DSS, OWASP Top10, MITRE ATT&CK, CIS Benchmarks, NIST Cybersecurity Framework).

Comprehensive knowledge of a System Security Plan (SSP) and experience in creating and maintaining an SSP.

Additional Considerations

CompTIA Security+, Certified Cloud Security Professional (CCSP), ISC2 CC (Certified in Cybersecurity), CCSP (Certified Cloud Security Professional), AWS Certified Security, AWS Solutions Architect (Associate/Professional), or AWS Security Specialty

Special Instructions

You will be provided a confirmation of receipt when your application and/or résumé is submitted successfully. Please refer to “Your Application” in your account to check the status of your application for this position.

All Virginia Tax employees must be current with filing their tax returns ensuring they were filed in compliance with established laws, rules and regulations.

Selected candidate(s) will be required to consent to and successfully pass a background investigation which includes fingerprint-based criminal history, tax compliance, and DMV driving record (if applicable) checks. Selected candidates require a valid Driver’s License.

The selected candidate will be prohibited from performing tax or accounting services for compensation during or outside business hours.

Virginia Tax is an equal opportunity employer that values diversity in the workforce. All qualified applicants are afforded equal opportunities without regard to race, sex, color, national or ethnic origin, religion, genetics, age, veteran status, political affiliation, or disability.

Reasonable accommodations are available to applicants with disabilities, if requested, during the application and/or interview process. If accommodations are needed, please contact Human Resources at (804) 786-3610.

Virginia Tax participates in E-verify.

Consideration for an interview is based solely on the information within the application and/or resume’.

In support of the Commonwealth’s commitment to inclusion, we are encouraging individuals with disabilities to apply through the Commonwealth Alternative Hiring Process. To be considered for this opportunity, applicants will need to provide their Certificate of Disability (COD) provided by a Vocational Rehabilitation Counselor within the Department for Aging & Rehabilitative Services (DARS), or the Department for the Blind & Vision Impaired (DBVI). Veterans are encouraged to answer Veteran status questions and submit their disability documentation, if applicable, to DARS/DBVI to get their Certificate of Disability. If you need to get a Certificate of Disability, use this link: Career Pathways for Individuals with Disabilities, or call DARS at 800-552-5019, or DBVI at 800-622-2155.

Contact Information

Name: Virginia Tax Talent Acquisition Team

Phone: 804-786-3608

Email: hroffice@tax.virginia.gov