FLEX Application Security Testing Analyst

  • Bethesda, USA
  • IT development

Job description

This is a temporary position. 

The Application Security Testing Analyst will support the assessment and improvement of web, API, and mobile application security through hands-on security testing and code analysis. The ideal candidate will have a solid foundation in secure coding practices, vulnerability detection, and testing techniques such as SAST, DAST, and manual testing. This role is designed to offer practical experience in application security testing, with opportunities to work directly with development teams, security tools, and automation in real-world environments.

 

CANDIDATE PROFILE

 

Education and Experience

Required:

·  Bachelor’s degree in Cybersecurity, Computer Science or related field or equivalent experience/certification
·  2+ years of information technology or application development experience
·  Strong understanding of programming concepts (e.g., loops, data types, logic, input/output)
·  Basic experience or familiarity with application security testing tools (e.g., Burp Suite, OWASP ZAP, Fortify, Veracode)
·  Understanding of the OWASP Top 10 and common application vulnerabilities (e.g., XSS, SQLi, CSRF)
·  Basic knowledge of vulnerability triage and remediation processes
·  Familiarity with version control (e.g., Git), CI/CD concepts, and the SDLC
·  Proficiency in Microsoft Word, PowerPoint, and Excel
·  Excellent communication skills

Preferred:

·  Master’s degree in Cybersecurity, Computer Science, or related field or equivalent experience/certification
·  Security certifications (e.g., GWAPT, OSCP, CEH, Security+, or CySA+)
·  2+ years of experience in an application security, QA, or software testing role
·  Experience performing web application penetration testing or source code review
·  Exposure to secure SDLC practices and integrating testing into CI/CD pipelines
·  Understanding of risk scoring frameworks (e.g., CVSS) and security ticketing workflows
·  Familiarity with compliance standards such as PCI-DSS, NIST 800-53, or ISO 27001

 

CORE WORK ACTIVITIES

Application Security Risk Management & Tracking

·  Application Security Testing & Risk Analysis
·  Assist with static and dynamic application security testing (SAST/DAST) using tools such as CodeQL, Trivy, Dependency Check, SonarQube, and Burp Suite
·  Perform basic manual testing and validation of vulnerabilities in development and pre-production environments
·  Support secure code reviews under supervision, identifying potential security flaws in application logic or design
·  Collaborate with software developers to provide guidance on secure coding practices and vulnerability remediation
·  Triage vulnerability reports and escalate findings based on severity and impact
·  Assist in the integration of security testing tools into CI/CD pipelines and automated testing environments
·  Contribute to the development of test cases and security use cases based on threat modeling or abuse case analysis
·  Support documentation of findings, test results, and risk assessments in systems such as JIRA or ServiceNow
·  Help maintain dashboards and reporting for tracking vulnerability trends and remediation status
·  Stay current on emerging security vulnerabilities, exploits, and application security best practices
·  Work closely with the Senior Manager to continuously improve the testing processes and tool coverage
·  Participate in knowledge sharing and security training initiatives with development teams

 

The pay range for this position is $33.94 to $53.46 per hour.

FLEX opportunities offer coverage for medical, dental, vision, health care flexible spending account, dependent care flexible spending account, life insurance, disability insurance, accident insurance, adoption expense reimbursements, paid parental leave, 401(k) plan, stock purchase plan, discounts at Marriott properties, commuter benefits, employee assistance plan, and childcare discounts.  Benefits are subject to terms and conditions, which may include rules regarding eligibility, enrollment, waiting period, contribution, benefit limits, election changes, benefit exclusions, and others.

Marriott HQ is committed to a hybrid work environment that enables associates to Be connected.  Headquarters-based positions are considered hybrid, for candidates within a commuting distance to Bethesda, MD.

 

Marriott International is an equal opportunity employer. We believe in hiring a diverse workforce and sustaining an inclusive, people-first culture. We are committed to non-discrimination on any protected basis, such as disability and veteran status, or any other basis covered under applicable law.

Marriott International is the world’s largest hotel company, with more brands, more hotels and more opportunities for associates to grow and succeed. Be where you can do your best work, begin your purpose, belong to an amazing global team, and become the best version of you.
