Application Security Engineer in Washington

Energy Jobline
Washington, United States of America
18 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Intermediate

Job location

Washington, United States of America

Tech stack

Java
JavaScript
.NET
Multitier Architecture
API
Application Firewall
HTML5
C Sharp (Programming Language)
CSS
Cloud Computing Security
Computer Security
Web Servers
Windows Communication Foundation
Intrusion Detection Systems
Python
Log Analysis
MVC
Node.js
Open Web Application Security
Standard Sql
Secure Coding
Web Application Security
Security Information and Event Management
Software Engineering
Wireshark
TypeScript
Web Applications
React
Software Security
Cyber Threat Analysis
REST
Devsecops

Job description

The Web Developer Security Engineer plays a critical role in protecting CBO's web applications, APIs, and sensitive information assets. This position integrates security throughout the Software Development Life Cycle (SDLC), ensuring secure application design, development, deployment, and maintenance while supporting compliance with applicable federal cybersecurity frameworks., * Identify, analyze, and remediate vulnerabilities, insecure dependencies, logic flaws, and security misconfigurations.

  • Conduct threat modeling and security assessments.
  • Support secure application architecture and design reviews.
  • Analyze web server and application logs to identify indicators of compromise.
  • Develop automation scripts supporting threat intelligence and security monitoring.
  • Maintain security findings, remediation records, and documentation.
  • Support compliance with NIST SP 800-53, FISMA, and FedRAMP requirements.
  • Participate in audits, assessments, and authorization activities.
  • Deploy, tune, and maintain Web Application Firewalls (WAFs).
  • Configure and manage File Integrity Monitoring (FIM) solutions.
  • Develop security metrics, dashboards, and compliance reporting.
  • Provide Tier II security operations support.
  • Integrate security controls throughout CI/CD pipelines and DevSecOps workflows.

Requirements

Security Requirement: Candidates must successfully complete FBI fingerprinting, criminal background investigation, and obtain and maintain a favorable Public Trust Tier 2 clearance. Additional cybersecurity, computer access, and content management training may be required., * Minimum three (3) years of experience in: *

  • Web Application Security
  • Application Security Engineering
  • Secure Software Development Lifecycle (SSDLC)
  • Extensive experience with secure software development and DevSecOps.
  • Experience managing:
  • Web Application Firewalls (WAF)
  • File Integrity Monitoring (FIM)
  • Log Analysis
  • Experience with:
  • .NET (C#, MVC, WCF)
  • HTML5
  • CSS3
  • JavaScript
  • REST APIs
  • SQL
  • Experience leveraging AI-assisted development tools.
  • Experience with Python, Node.js, Java, React.js, and TypeScript.
  • Strong understanding of OWASP Top 10.
  • Experience implementing secure coding practices.
  • Experience with Wireshark, SIEM, IDS/IPS, NDR, or EDR solutions.
  • Ability to conduct risk assessments and cyber threat analysis.
  • Experience implementing DevSecOps methodologies.
  • Experience producing security metrics and compliance reporting.
  • Ability to work independently and within multidisciplinary teams., * Experience supporting Federal Government cybersecurity initiatives.
  • Knowledge of:
  • NIST SP 800-53
  • FISMA
  • FedRAMP
  • Experience with AWS cloud security.
  • Experience with Docker and Kubernetes security.
  • Experience with threat modeling and security architecture design.
  • Strong written and verbal communication skills.

Required Certifications

Candidates must possess one certification from each category and have maintained it for at least five (5) years:

Application Security

  • CSSLP
  • GWEB
  • CASE

Offensive Security

  • OSWE
  • OSCP

Apply for this position