Web Developer Security Engineer

Cmt Services, Inc.
Washington, United States of America
3 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Intermediate

Job location

Remote
Washington, United States of America

Tech stack

Web Interfaces
Java
JavaScript
Multitier Architecture
API
Application Firewall
Cloud Computing
Computer Security
Information Systems
System Configuration
Continuous Integration
Custom Software
Web Servers
Intrusion Detection Systems
Python
Log Analysis
Node.js
Open Web Application Security
Systems Development Life Cycle
Secure Coding
Web Application Security
Security Information and Event Management
Software Engineering
Wireshark
TypeScript
Software Vulnerability Management
Web Applications
Scripting (Bash/Python/Go/Ruby)
GitHub Copilot
React
Software Security
Web Content
Information Technology
Cybercrime
Api Design
Devsecops

Job description

Protects CBO's mission-critical web applications, APIs, and sensitive data by embedding strong security throughout the software development lifecycle - making security a proactive, built-in part of design and delivery., * Identify, analyze, and neutralize critical vulnerabilities, logic flaws, insecure dependencies, and misconfigurations.

  • Drive the end-to-end vulnerability lifecycle - proactive threat modeling, advanced security assessments, and remediation validation.
  • Support integration of security controls into application architectures, APIs, and services; advise on secure design patterns, data protection, and secure communication protocols.
  • Obtain, review, and analyze web server and application logs to detect anomalies and indicators of compromise.
  • Implement automation scripts for threat-intelligence integration; support end-to-end response to web application security events.
  • Maintain documentation of findings, remediation steps, and security controls.
  • Ensure web applications and cloud infrastructure comply with NIST SP 800-53, FISMA, and FedRAMP (as applicable); participate in audits, risk assessments, and authorization., * Ability to leverage AI-assisted development tools (e.g., GitHub Copilot, OpenAI API/Codex) and scripting (Python, JavaScript/Node.js, Java, React.js, TypeScript) to automate security monitoring and compliance audits.
  • Strong understanding of OWASP Top 10, secure coding standards, and mitigation of common web vulnerabilities.
  • Deploying, tuning, and maintaining WAF solutions tailored to custom applications and traffic patterns.
  • Configuring/managing File Integrity Monitoring (FIM) for web content directories.
  • Familiarity with security testing tools - Wireshark, SIEM, IDS/IPS, NDR, or EDR.
  • Evaluating/recommending/implementing security controls for mobile device and mobile-web interfaces.
  • Performing complex risk assessments, analyzing cyber threats, and providing remediation guidance for core systems and dependencies.
  • Implementing DevSecOps principles - integrating security controls throughout the CI/CD pipeline.
  • Developing security metrics, managing compliance reporting, and auditing systems against baselines.
  • Effective cross-team collaboration and independent work; providing Tier II support for security operations., * Specialized AppSec: CSSLP (Certified Secure Software Lifecycle Professional); GWEB (GIAC Certified Web Application Defender); CASE (EC-Council Certified Application Security Engineer).
  • Offensive Security: OSWE (OffSec Web Expert); OSCP (Offensive Security Certified Professional).
  • Foundational Security: Security+; GSEC.

Requirements

  • Extensive hands-on secure software development, DevSecOps automation, and vulnerability remediation.
  • Proficiency in log analysis, file integrity monitoring (FIM), and managing web application firewalls (WAF).
  • Minimum 3 years in Web Application Security, AppSec, or secure SDLC (SSDLC)., * Bachelor's degree (or higher) in Computer Science, Cybersecurity, Information Systems, Engineering, or a related field.

About the company

CMT Services Inc. is a dynamic and small business supporting Federal, State, and Local government agencies. As an SBA-certified HUBZone, Woman Owned Small Business (WOSB), we deliver quality, professional services to support the missions and strategic business goals of our clients., * Development with modern web technologies and frameworks including .NET (C# MVC, WCF), HTML5, CSS3, JavaScript, REST APIs, and SQL., At CMT Services, we believe that extraordinary results come from empowering exceptional people. If you're ready to lead innovative projects, solve complex challenges, and contribute to meaningful infrastructure development while advancing your career in a supportive, collaborative environment, we want to hear from you.

Apply for this position