Application Security Engineer in Washington

Job DescriptionJob Description

Job Title: Web Developer Security Engineer

Employment Type: Full-Time with Benefits

Work Location: Onsite

Place of Performance: Washington, DC 20515

Work Authorization: U.S. Citizenship is required due to federal government contract requirements

Security Requirement: Candidates must successfully complete FBI fingerprinting, criminal background investigation, and obtain and maintain a favorable Public Trust Tier 2 clearance. Additional cybersecurity, computer access, and content management training may be required.

Position Overview

The Web Developer Security Engineer plays a critical role in protecting CBO's web applications, APIs, and sensitive information assets. This position integrates security throughout the Software Development Life Cycle (SDLC), ensuring secure application design, development, deployment, and maintenance while supporting compliance with applicable federal cybersecurity frameworks.

Essential Duties and Responsibilities

• Identify, analyze, and remediate vulnerabilities, insecure dependencies, logic flaws, and security misconfigurations.
• Conduct threat modeling and security assessments.
• Support secure application architecture and design reviews.
• Analyze web server and application logs to identify indicators of compromise.
• Develop automation scripts supporting threat intelligence and security monitoring.
• Maintain security findings, remediation records, and documentation.
• Support compliance with NIST SP 800-53, FISMA, and FedRAMP requirements.
• Participate in audits, assessments, and authorization activities.
• Deploy, tune, and maintain Web Application Firewalls (WAFs).
• Configure and manage File Integrity Monitoring (FIM) solutions.
• Develop security metrics, dashboards, and compliance reporting.
• Provide Tier II security operations support.
• Integrate security controls throughout CI/CD pipelines and DevSecOps workflows.

Required Qualifications

• Minimum three (3) years of experience in:
• • Web Application Security
  • Application Security Engineering
  • Secure Software Development Lifecycle (SSDLC)
• Extensive experience with secure software development and DevSecOps.
• Experience managing:
• • Web Application Firewalls (WAF)
  • File Integrity Monitoring (FIM)
  • Log Analysis
• Experience with:
• • .NET (C#, MVC, WCF)
  • HTML5
  • CSS3
  • JavaScript
  • REST APIs
  • SQL
• Experience leveraging AI-assisted development tools.
• Experience with Python, Node.js, Java, React.js, and TypeScript.
• Strong understanding of OWASP Top 10.
• Experience implementing secure coding practices.
• Experience with Wireshark, SIEM, IDS/IPS, NDR, or EDR solutions.
• Ability to conduct risk assessments and cyber threat analysis.
• Experience implementing DevSecOps methodologies.
• Experience producing security metrics and compliance reporting.
• Ability to work independently and within multidisciplinary teams.

Qualifications

• Experience supporting Federal Government cybersecurity initiatives.
• Knowledge of:
• • NIST SP 800-53
  • FISMA
  • FedRAMP
• Experience with AWS cloud security.
• Experience with Docker and Kubernetes security.
• Experience with threat modeling and security architecture design.
• Strong written and verbal communication skills.

Required Certifications

Candidates must possess one certification from each category and have maintained it for at least five (5) years:

Application Security

• CSSLP
• GWEB
• CASE

Offensive Security

• OSWE
• OSCP

Foundational Security

• Security+
• GSEC