Web Developer Security Engineer (AppSec / DevSecOps)

PLEASE NOTE:

• It is a Hybrid position in Washington, D.C. Metro
• Clearance Requirement: Public Trust Tier 2 will be required after onboarding

SUMMARY

We are seeking an elite Web Developer Security Engineer to serve as Key Personnel, playing a pivotal role in protecting mission-critical web applications, APIs, and sensitive data for the Client. The core objective of this role is to embed robust security principles proactively throughout the Software Development Life Cycle (SDLC). You will drive the end-to-end vulnerability lifecycle, leverage threat modeling and advanced assessments while ensuring compliance with Federal cybersecurity frameworks such as NIST SP 800-53, FISMA, and FedRAMP.

KEY RESPONSIBILITIES:

• Application Security & Vulnerability Management: You will identify, analyze, and neutralize critical vulnerabilities, logic flaws, insecure dependencies, and misconfigurations. You will also provide Tier II support for security operations and recommend continuous security enhancements.
• Secure Architecture & APIs: You will integrate security controls into application architectures and APIs, advising on secure design patterns, data protection mechanisms, and secure communication protocols. You will evaluate and implement security controls for mobile device solutions and mobile-web interfaces.
• DevSecOps & Automation: You will seamlessly integrate security controls throughout the CI/CD pipeline. You will leverage AI-assisted development tools (e.g., GitHub Copilot, OpenAI API/Codex) and scripting languages (Python, JavaScript/Node.js, Java, React.js, TypeScript) to automate security monitoring.
• Monitoring & Incident Response: You will review and analyze web server and application logs to detect anomalies and indicators of compromise. You will deploy, tune, and maintain Web Application Firewalls (WAFs) tailored to custom applications. You will also configure and manage File Integrity Monitoring (FIM) solutions for web content directories.
• Compliance & Governance: You will develop security metrics, manage compliance reporting, and audit systems against established security baselines. You will participate actively in risk assessments, audits, and security authorization processes.

Requirements

MANDATORY QUALIFICATIONS:

• Bachelor's degree (or higher) in Computer Science, Cybersecurity, Information Systems, Engineering, or a related field is strictly required.
• Minimum of 3 years of experience in Web Application Security, Application Security Engineering (AppSec), or secure software development life cycle (SSDLC).
• Must have proven development experience with modern technologies including .NET (C# MVC, WCF), HTML5, CSS3, JavaScript, REST APIs, and SQL.
• Strong understanding of the OWASP Top 10 is required.
• Must hold at least one of the following current credentials: CSSLP, GWEB, CASE, OSWE, OSCP, Security+, or GSEC. Crucially, these certifications (or their equivalents) must have been maintained for a minimum of 5 years. Expired or professionally unused certifications will not be considered.

PREFERRED QUALIFICATIONS

• In-depth experience with the Federal authorization process (NIST SP 800-53, FISMA, FedRAMP).
• Advanced knowledge of AWS cloud security and container security utilizing Docker and Kubernetes.
• Proven background in designing resilient security architecture and threat modeling.