Senior Security Test Engineer

Everforth ECS is seeking a Senior Security Test Engineer to work in the National Capital Region covering the Pentagon, Falls Church, and Fairfax. Please Note: This position is contingent upon contract award.

The War Data Platform (WDP) is a key initiative within the U.S. Department of War's (DoW) AI-First strategy introduced in early 2026. The WDP separates business and financial data from operational warfighting data, aiming to accelerate the deployment of artificial intelligence (AI) on the battlefield. The WDP extends to Unclassified, Secret, and Top Secret environments, and supports collaboration between Combatant Commands, Joint Staff directorates, Senior Executive Service leaders, and operational analysts.

The Senior Security Test Engineer serves as the principal authority for security test engineering across WDP Core Integration's full software development lifecycle, embedding automated security validation, compliance gating, and penetration testing activities directly into DevSecOps pipelines spanning NIPRNet, SIPRNet, and JWICS. This is a senior technical role responsible for translating DoW cybersecurity requirements and contract obligations into concrete, measurable test strategies that protect mission-critical software releases and sustain continuous authorization across all WDP enclaves.

• Conducts advanced test engineering operations supporting War Data Platform (WDP) Core Integration software lifecycle activities across development, testing, integration, staging, and production environments on NIPRNet, SIPRNet, and JWICS.
• Designs automated test suites using GitLab CI, Jenkins, Selenium, JMeter, SonarQube, OpenSCAP, and approved scanning tools to validate functionality, security, performance, and compliance requirements.
• Translates contract-level DevSecOps and cybersecurity requirements into concrete security-test objectives and embeds static analysis, software-composition analysis, and dynamic or interactive security testing directly into continuous integration and continuous deployment pipelines with automated gating and reporting.
• Implements DevSecOps-aligned testing strategies integrating automated gate checks, artifact-lineage verification, regression safety controls, and STIG-based compliance validation.
• Creates reusable security-testing scripts and supplements automated workflows with targeted manual or penetration-testing activities for high-risk release candidates.
• Uses Infrastructure-as-Code patterns to provision secure sandboxes that mirror production controls and employ synthetic or masked data to protect sensitive information during testing.
• Performs virtual-machine and container-security validation using Department of War Security Technical Implementation Guides and defense container-hardening standards embedded in CI workflows.
• Executes automated and manual testing, documents defects, validates fixes, and triages findings while maintaining a security-testing risk register.
• Reviews scan results, collaborates with developers for fix verification, and refines rulesets, tooling, and documentation to meet audit and regulatory obligations.
• Tracks key performance indicators including coverage, detection speed, pipeline stability, and reliability trends to support program reporting and continuous improvement.
• Coordinates with software engineers, DevSecOps pipeline operators, cybersecurity teams, and system-engineering personnel to reproduce issues, verify corrective actions, and synchronize readiness for sprint and release events.
• Supports maintenance of test environments, synthetic data sets, and repeatable validation workflows enabling stable, high-confidence software releases across all War Data Platform (WDP) Core Integration enclaves.
• Performs other duties as assigned.