Clearance Requirement: Public Trust Tier 2 will be required after onboarding
SUMMARY:
We are seeking an elite Web Developer Security Engineer to serve as Key Personnel, playing a pivotal role in protecting mission-critical web applications, APIs, and sensitive data for the Client. The core objective of this role is to embed robust security principles proactively throughout the Software Development Life Cycle (SDLC). You will drive the end-to-end vulnerability lifecycle and leverage threat modeling and advanced assessments while ensuring compliance with Federal cybersecurity frameworks such as NIST SP 800-53, FISMA, and FedRAMP.
KEY RESPONSIBILITIES:
Application Security & Vulnerability Management: You will identify, analyze, and neutralize critical vulnerabilities, logic flaws, insecure dependencies, and misconfigurations. You will also provide Tier II support for security operations and recommend continuous security enhancements.
Secure Architecture & APIs: You will integrate security controls into application architectures and APIs, advising on secure design patterns, data protection mechanisms, and secure communication protocols. You will evaluate and implement security controls for mobile device solutions and mobile-web interfaces.
DevSecOps & Automation: You will seamlessly integrate security controls throughout the CI/CD pipeline. You will leverage AI-assisted development tools (e.g. GitHub Copilot, OpenAI API/Codex) and scripting languages (Python, JavaScript/Java, TypeScript) to automate security monitoring.
Monitoring & Incident Response: You will review and analyze web server and application logs to detect anomalies and indicators of compromise. You will deploy, tune, and maintain Web Application Firewalls (WAFs) tailored to custom applications. You will also configure and manage File Integrity Monitoring (FIM) solutions for web content directories.
Compliance & Governance: You will develop security metrics, manage compliance reporting, and audit systems against established security baselines. You will participate actively in risk assessments, audits, and security authorization processes.
Requirements
MANDATORY QUALIFICATIONS:
Bachelor's degree (or higher) in Computer Science, Cybersecurity, Information Systems Engineering, or a related field is strictly required.
Minimum of 3 years of experience in Web Application Security, Application Security Engineering (AppSec), or secure software development life cycle (SSDLC).
Must have proven development experience with modern technologies (C#, MVC, WCF), HTML5, CSS3, JavaScript, REST APIs, and SQL.
Strong understanding of the OWASP Top 10 is required.
Must hold at least one of the following current credentials: CSSLP, GWEB, CASE, OSWE, OSCP, Security, or GSEC. Crucially, these certifications (or their equivalents) must have been maintained for a minimum of 5 years. Expired or professionally unused certifications will not be considered.
PREFERRED QUALIFICATIONS:
In-depth experience with the Federal authorization process (NIST SP 800-53, FISMA, FedRAMP).
Advanced knowledge of AWS cloud security and container security utilizing Docker and Kubernetes.
Proven background in designing resilient security architecture and threat modeling.
PLEASE NOTE:
This is a hybrid position in the Washington, D.C. metro area.