Web Developer Security Engineer

Horizon Global Corporation
Washington, United States of America
22 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Intermediate

Job location

Washington, United States of America

Tech stack

JavaScript
.NET
API
Application Firewall
ASP.NET
HTML5
C Sharp (Programming Language)
CSS
Software as a Service
Cloud Computing Security
Cloud Engineering
CompTIA Security+
Computer Security
Information Systems
System Configuration
Continuous Integration
Web Servers
Windows Communication Foundation
Intrusion Detection Systems
Information Systems Security Architecture Professional
Python
Microsoft Security Essentials
Node.js
Open Web Application Security
Performance Tuning
Systems Development Life Cycle
Cloud Services
Standard Sql
Secure Coding
Web Application Security
Security Software
Security Information and Event Management
Software Deployment
Software Engineering
TypeScript
Software Vulnerability Management
Web Applications
GitHub Copilot
React
Software Security
GIT
Information Technology
REST
Devsecops
Security Orchestration, Automation & Response
Static Application Security Testing
Dynamic Application Security Testing

Job description

Horizon Global Partners (HgP) is seeking a highly skilled Web Developer Security Engineer to support a Federal Government customer by securing mission-critical web applications, APIs, and cloud-based services. The successful candidate will integrate security throughout the Secure Software Development Lifecycle (SSDLC), identify and remediate application vulnerabilities, implement DevSecOps practices, and strengthen application security through secure architecture, automation, and continuous monitoring. The ideal candidate combines strong software development experience with application security engineering expertise and has hands-on experience implementing secure coding practices, threat modeling, vulnerability management, Web Application Firewalls (WAF), File Integrity Monitoring (FIM), and CI/CD security automation., Application Security Engineering

  • Identify, assess, and remediate web application vulnerabilities, insecure dependencies, and application misconfigurations.

  • Conduct application security reviews throughout the Secure Software Development Lifecycle (SSDLC).

  • Validate remediation efforts through technical testing and secure code review.

  • Develop and maintain secure coding standards aligned with OWASP best practices. Secure Architecture & Threat Modeling

  • Perform threat modeling and application risk assessments.

  • Design secure web application and REST API architectures.

  • Recommend secure authentication, authorization, encryption, and data protection mechanisms.

  • Implement secure design patterns that reduce application attack surfaces. DevSecOps & CI/CD Security

  • Integrate security controls into CI/CD pipelines.

  • Automate security testing using Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), and secrets scanning.

  • Implement security gates to prevent vulnerable code from reaching production.

  • Support Git-based secure development workflows and DevSecOps automation. Monitoring & Incident Response

  • Analyze web server, application, and security logs for indicators of compromise.

  • Configure and tune Web Application Firewalls (WAF) to protect enterprise web applications.

  • Implement and maintain File Integrity Monitoring (FIM) solutions.

  • Support security incident investigations and forensic analysis. Secure Software Development Develop and secure applications using technologies including:

  • .NET

  • C#

  • ASP.NET MVC

  • WCF

  • HTML5

  • CSS3

  • JavaScript

  • REST APIs

  • SQL

  • Python

  • Node.js

  • React

  • TypeScript Mobile & Cloud Security

  • Evaluate and implement security controls for mobile web applications.

  • Support secure cloud application deployments.

  • Collaborate with infrastructure and cloud engineering teams to improve application security posture. Compliance & Documentation

  • Support compliance with NIST SP 800-53, FISMA, and FedRAMP requirements.

  • Participate in security assessments, audits, and authorization activities.

  • Develop security documentation, remediation plans, risk assessments, and engineering standards.

  • Produce security metrics and compliance reports.

Requirements

  • Bachelor's degree in Computer Science, Cybersecurity, Information Systems, Engineering, or a related field.

  • Minimum 3 years of Application Security (AppSec), Secure Software Development Lifecycle (SSDLC), or Web Application Security experience.

  • Extensive experience with secure software development and vulnerability remediation.

  • Experience implementing DevSecOps principles throughout CI/CD pipelines.

  • Strong knowledge of OWASP Top 10 vulnerabilities and secure coding practices.

  • Experience performing threat modeling and application risk assessments.

  • Experience deploying, tuning, and maintaining Web Application Firewalls (WAF).

  • Experience configuring and managing File Integrity Monitoring (FIM).

  • Experience analyzing web server and application logs.

  • Experience with SIEM, IDS/IPS, EDR, or Network Detection & Response (NDR) technologies.

  • Experience securing REST APIs and cloud-based applications.

  • Excellent analytical, documentation, and communication skills., * JavaScript

  • TypeScript

  • React

  • Node.js

  • Python

  • REST APIs

  • SQL

  • Secure SDLC (SSDLC)

  • DevSecOps

  • CI/CD Security

  • Threat Modeling

  • OWASP Top 10

  • Secure Coding

  • Vulnerability Management

  • WAF

  • File Integrity Monitoring (FIM)

  • SIEM

  • IDS/IPS

  • EDR

  • NDR

  • Git

  • Security Automation

  • Mobile Web Security, Candidates should possess current security certifications that demonstrate expertise in secure software development and application security. The Government requires at least one current certification from each of the following categories, with equivalent legacy certifications accepted if professionally maintained for at least five years: Application Security (AppSec) - At least one required

  • Certified Secure Software Lifecycle Professional (CSSLP)

  • GIAC Certified Web Application Defender (GWEB)

  • EC-Council Certified Application Security Engineer (CASE) Offensive Security - At least one required

  • OffSec Web Expert (OSWE)

  • Offensive Security Certified Professional (OSCP) Foundational Security - At least one required

  • CompTIA Security+

  • GIAC Security Essentials (GSEC), * Experience with Federal Government or DoD environments.

  • Experience with NIST SP 800-53, FISMA, and FedRAMP authorization processes.

  • Experience with AWS cloud security.

  • Experience securing Docker and Kubernetes environments.

  • Experience implementing automated security gates within CI/CD pipelines.

  • Experience using AI-assisted development tools such as GitHub Copilot or OpenAI APIs to improve secure software development workflows.

Apply for this position