Web Developer Security Engineer with Security Clearance
Horizon global Partners · Reston, VA · 2 wk ago
Information Technology$61k/yrFull-time
Position Responsibilities
- Identify, assess, and remediate web application vulnerabilities, insecure dependencies, and application misconfigurations.
- Conduct application security reviews throughout the Secure Software Development Lifecycle (SSDLC).
- Validate remediation efforts through technical testing and secure code review.
- Develop and maintain secure coding standards aligned with OWASP best practices.
- Perform threat modeling and application risk assessments.
- Design secure web application and REST API architectures.
- Recommend secure authentication, authorization, encryption, and data protection mechanisms.
- Implement secure design patterns that reduce application attack surfaces.
- Integrate security controls into CI/CD pipelines.
- Automate security testing using Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), and secrets scanning.
- Implement security gates to prevent vulnerable code from reaching production.
- Support Git-based secure development workflows and DevSecOps automation.
- Analyze web server, application, and security logs for indicators of compromise.
- Configure and tune Web Application Firewalls (WAF) to protect enterprise web applications.
- Implement and maintain File Integrity Monitoring (FIM) solutions.
- Support security incident investigations and forensic analysis.
- Develop and secure applications using technologies including:
- .NET
- C#
- ASP.NET MVC
- WCF
- HTML5
- CSS3
- Javascript
- REST APIs
- SQL
- Python
- Node.js
- React
- TypeScript
- Evaluate and implement security controls for mobile web applications.
- Support secure cloud application deployments.
- Collaborate with infrastructure and cloud engineering teams to improve application security posture.
- Support compliance with NIST SP 800-53, FISMA, and FedRAMP requirements.
- Participate in security assessments, audits, and authorization activities.
- Develop security documentation, remediation plans, risk assessments, and engineering standards.
- Produce security metrics and compliance reports.
Required Qualifications
- Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, Engineering, or a related field.
- Minimum 3 years of Application Security (AppSec), Secure Software Development Lifecycle (SSDLC), or Web Application Security experience.
- Extensive experience with secure software development and vulnerability remediation.
- Experience implementing DevSecOps principles throughout CI/CD pipelines.
- Strong knowledge of OWASP Top 10 vulnerabilities and secure coding practices.
- Experience performing threat modeling and application risk assessments.
- Experience deploying, tuning, and maintaining Web Application Firewalls (WAF).
- Experience configuring and managing File Integrity Monitoring (FIM).
- Experience analyzing web server and application logs.
- Experience with SIEM, IDS/IPS, EDR, or Network Detection & Response (NDR) technologies.
- Experience securing REST APIs and cloud-based applications.
- Excellent analytical, documentation, and communication skills.
Required Technical Skills
- .NET
- C#
- ASP.NET MVC
- WCF
- HTML5
- CSS3
- Javascript
- TypeScript
- React
- Node.js
- Python
- REST APIs
- SQL
- Secure SDLC (SSDLC)
- DevSecOps
- CI/CD Security
- Threat Modeling
- OWASP Top 10
- Secure Coding
- Vulnerability Management
- WAF
- File Integrity Monitoring (FIM)
- SIEM
- IDS/IPS
- EDR
- NDR
- Git
- Security Automation
- Mobile Web Security
Required Credentials
- Candidates should possess current security certifications that demonstrate expertise in secure software development and application security. The Government requires at least one current certification from each of the following categories, with equivalent legacy certifications accepted if professionally maintained for at least five years:
- Application Security (AppSec) – At least one required
- Certified Secure Software Lifecycle Professional (CSSLP)
- GIAC Certified Web Application Defender (GWEB)
- EC-Council Certified Application Security Engineer (CASE)
- Offensive Security – At least one required
- OffSec Web Expert (OSWE)
- Offensive Security Certified Professional (OSCP)
- Foundational Security – At least one required
- CompTIA Security+
- GIAC Security Essentials (GSEC)
Preferred Qualifications
- Experience with Federal Government or DoD environments.
- Experience with NIST SP 800-53, FISMA, and FedRAMP authorization processes.
- Experience with AWS cloud security.
- Experience securing Docker and Kubernetes environments.
- Experience implementing automated security gates within CI/CD pipelines.
- Experience using AI-assisted development tools such as GitHub Copilot or OpenAI APIs to improve secure software development workflows.