Web Developer Security Engineer (Contingent Upon Contract Award)

Loch Harbour Group, Inc.
Washington, United States of America
19 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Intermediate
Compensation
$ 120K

Job location

Washington, United States of America

Tech stack

Java
JavaScript
.NET
Multitier Architecture
API
Amazon Web Services (AWS)
Application Firewall
HTML5
Automation of Tests
C Sharp (Programming Language)
CSS
Cloud Computing
Cloud Computing Security
Software Quality
CompTIA Security+
Computer Security
Information Systems
System Configuration
Windows Communication Foundation
Intrusion Detection Systems
Python
Log Analysis
Microsoft Security Essentials
MVC
Node.js
Open Web Application Security
Performance Tuning
Standard Sql
Secure Coding
Web Application Security
Security Information and Event Management
Software Engineering
SQL Databases
Systems Integration
Wireshark
TypeScript
Software Vulnerability Management
Web Applications
Scripting (Bash/Python/Go/Ruby)
Enterprise Software Applications
Cloud Platform System
GitHub Copilot
React
Software Security
Web Content
Containerization
Kubernetes
Information Technology
Cybercrime
Web Technologies
CIS Benchmarks
Api Design
REST
Devsecops
Docker
Security Orchestration, Automation & Response
Vulnerability Analysis

Job description

We are seeking a highly skilled Web Developer Security Engineer to support the design, development, implementation, and maintenance of secure web applications and cybersecurity solutions. The ideal candidate will possess deep expertise in Application Security (AppSec), Secure Software Development Lifecycle (SSDLC), DevSecOps automation, vulnerability remediation, and Federal cybersecurity compliance frameworks. This role requires a proactive security mindset and the ability to integrate security throughout the software development lifecycle while supporting mission-critical systems., * Design, develop, and maintain secure web applications utilizing modern web technologies and frameworks including .NET (C# MVC, WCF), HTML5, CSS3, JavaScript, REST APIs, and SQL.

  • Implement Secure Software Development Lifecycle (SSDLC) practices and secure coding standards.
  • Conduct application security reviews, threat modeling, risk assessments, and vulnerability remediation activities.
  • Ensure compliance with Open Worldwide Application Security Project (OWASP) Top 10 guidelines and industry security best practices.
  • Leverage AI-assisted development tools such as GitHub Copilot, OpenAI APIs, and automation frameworks to improve security monitoring, code quality, and compliance auditing.

DevSecOps & Security Automation

  • Implement and maintain DevSecOps processes within CI/CD pipelines.
  • Automate security testing, vulnerability scanning, compliance validation, and security gate enforcement throughout the development lifecycle.
  • Develop scripts and automation solutions using Python, JavaScript/Node.js, Java, React.js, and TypeScript.
  • Collaborate with development, operations, and cybersecurity teams to ensure secure software deployment and operations.

Security Monitoring & Incident Response

  • Perform log analysis, security monitoring, and forensic investigations.
  • Configure and maintain File Integrity Monitoring (FIM) solutions to detect unauthorized changes to web content and critical system files.
  • Deploy, tune, and manage Web Application Firewalls (WAFs) to protect custom-developed applications against evolving cyber threats.
  • Support Tier II security operations and provide recommendations for continuous security improvements.

Cybersecurity Compliance & Risk Management

  • Perform risk assessments and analyze cyber threats affecting enterprise applications and infrastructure.
  • Develop security metrics, compliance reporting, and audit documentation.
  • Support Federal cybersecurity compliance efforts including:
  • NIST SP 800-53
  • FISMA
  • FedRAMP
  • Evaluate, recommend, and implement security controls for web, cloud, and mobile device solutions.

Cloud & Infrastructure Security

  • Implement security controls for cloud environments, including AWS.
  • Secure containerized environments using Docker and Kubernetes.
  • Support security operations through the use of SIEM, IDS/IPS, Network Detection and Response (NDR), Endpoint Detection and Response (EDR), and related cybersecurity technologies.

Requirements

Do you have experience in Web applications?, * Minimum of three (3) years of experience in Web Application Security, Application Security Engineering (AppSec), or Secure Software Development Lifecycle (SSDLC).

  • Extensive hands-on experience in:
  • Secure software development
  • DevSecOps automation
  • Vulnerability assessment and remediation
  • Experience developing web applications using modern technologies and frameworks, including:
  • .NET (C# MVC, WCF)
  • HTML5
  • CSS3
  • JavaScript
  • REST APIs
  • SQL
  • Proficiency in:
  • Log analysis
  • File Integrity Monitoring (FIM)
  • Web Application Firewall (WAF) administration and management
  • Strong understanding of:
  • OWASP Top 10
  • Secure coding standards
  • Web application vulnerability mitigation techniques
  • Experience deploying, configuring, tuning, and maintaining Web Application Firewall (WAF) solutions for custom-developed web applications.
  • Experience configuring and managing File Integrity Monitoring (FIM) solutions to detect and alert on unauthorized changes to web content and critical files.
  • Ability to leverage AI-assisted development tools (e.g., GitHub Copilot, OpenAI API/Codex) and scripting languages such as:
  • Python
  • JavaScript/Node.js
  • Java
  • React.js
  • TypeScript
  • Familiarity with security monitoring and testing tools, including:
  • Wireshark
  • SIEM platforms
  • IDS/IPS
  • Network Detection and Response (NDR)
  • Endpoint Detection and Response (EDR)
  • Ability to:
  • Perform risk assessments
  • Analyze cybersecurity threats
  • Develop remediation recommendations for enterprise systems and applications
  • Proven experience implementing DevSecOps principles and integrating security controls throughout CI/CD pipelines.
  • Experience developing security metrics, managing compliance reporting, and auditing systems against established security baselines.
  • Experience evaluating, recommending, and implementing security controls for mobile devices and mobile web applications.
  • Experience providing Tier II security operations support and recommending continuous security improvements for existing infrastructure.
  • Demonstrated ability to work independently and collaboratively within cross-functional teams., * Experience supporting enterprise security operations in complex Federal or regulated environments.
  • Experience automating security monitoring, compliance validation, and audit activities.
  • Strong analytical, troubleshooting, and problem-solving skills with the ability to address emerging cybersecurity threats.

Education

  • Bachelor's degree or higher in Computer Science, Cybersecurity, Information Systems, Engineering, or a related technical field.

Security Requirement

  • U.S. Citizenship required.
  • Must be eligible to obtain and maintain a Tier 2 Public Trust clearance

Candidates must possess current certifications from one or more of the following categories, * Certified Secure Software Lifecycle Professional (CSSLP)

  • GIAC Certified Web Application Defender (GWEB)
  • EC-Council Certified Application Security Engineer (CASE)

Offensive Security Certifications

  • OffSec Web Expert (OSWE)
  • Offensive Security Certified Professional (OSCP)

Foundational Security Certifications

  • CompTIA Security+
  • GIAC Security Essentials (GSEC), * Certifications (or equivalent predecessor certifications) must have been maintained and professionally utilized for a minimum of five (5) years.
  • Expired certifications will not be considered.
  • Certifications that have not been applied in a professional work environment will not be considered., * In-depth experience supporting Federal cybersecurity compliance and authorization frameworks, including:
  • NIST SP 800-53
  • FISMA
  • FedRAMP
  • Proven experience in:
  • Threat modeling
  • Cybersecurity risk assessments
  • Security architecture design
  • Development of resilient and secure enterprise systems
  • Advanced experience implementing DevSecOps practices, including:
  • Integrating security controls throughout the software development lifecycle
  • Securing CI/CD pipelines
  • Automating security testing and security gate enforcement
  • Knowledge of cloud security principles and best practices, particularly within AWS environments.
  • Experience securing and managing containerized environments using:
  • Docker
  • Kubernetes

Benefits & conditions

Pulled from the full job description

  • AD&D insurance
  • Health insurance
  • 401(k) matching
  • Paid time off
  • Vision insurance
  • 401(k) 5% Match
  • Dental insurance, At LHG, we offer our employees a full comprehensive and competitive benefits package. Our benefits package features:
  • Competitive salaries
  • Paid time off
  • Health, dental and vision insurance
  • Company paid short/long term disability
  • Company paid Life and Accidental Death & Dismemberment insurance
  • 401(k) (up to 5% matching)
  • Flexible Spending Accounts (FSA)
  • Other company perks

About the company

Loch Harbour Group is a Service-Disabled Veteran-Owned Small Business founded in 1995. We hold CMMI Service Maturity Level 3, ISO 9001:2015, ISO/IEC 27001:2022, and ISO/IEC 20000-1:2018 certifications, and serve federal customers across DoD, homeland security, and civilian agencies. LHG is an equal opportunity employer and considers all qualified applicants without regard to race, color, religion, sex, national origin, age, disability, veteran status, or any other protected status., The Loch Harbour Group is an equal opportunity employer, all interested qualified applicants are encouraged to apply, D/M/V/F. LHG welcomes and encourages diversity in the workforce.

Apply for this position