Web Developer Security Engineer (AppSec / DevSecOps)

Omm IT Solutions

Washington, Washington

JOB DETAILS
SKILLS
Access Authorization, Amazon Web Services (AWS), Analysis Skills, Application Programming Interface (API), Applications Security, Artificial Intelligence (AI), Auditing, Automation, Cloud Computing, Communications Protocols, CompTIA Security+, Computer Science, Computer Security, Continuous Deployment/Delivery, Continuous Integration, Design Patterns Programming Methodologies, Docker, FISMA - Federal Information Security Management Act, File Management, Firewalls, GSEC - GIAC Security Essentials Certification, GitHub, Incident Response, Information Technology/Systems Audit, Information/Data Security (InfoSec), Internet Application, Internet Security, JavaScript, Maintain Compliance, Metrics, Mobile Devices, Node.js, Onboarding, Operational Support, Programming Tools, Python Programming/Scripting Language, React.js, Risk Analysis, Scripting (Scripting Languages), Security Architecture, Security Auditing, Security Monitoring, Security Protocols, Software Administration, Software Development Lifecycle (SDLC), Software Engineering, Systems Engineering, Threat Modeling, U.S. National Institute of Standards and Technology (NIST), Web Analytics, Web Interface, Web Programming, Web Server
LOCATION
Washington, Washington
POSTED
16 days ago
PLEASE NOTE:
  • It is a Hybrid position in Washington, D.C. Metro
  • Clearance Requirement: Public Trust Tier 2 will be required after onboarding

SUMMARY:
We are seeking an elite Web Developer Security Engineer to serve as Key Personnel, playing a pivotal role in protecting mission-critical web applications, APIs, and sensitive data for the Client. The core objective of this role is to embed robust security principles proactively throughout the Software Development Life Cycle (SDLC). You will drive the end-to-end vulnerability lifecycle, leverage threat modeling and advanced assessments while ensuring compliance with Federal cybersecurity frameworks such as NIST SP 800-53, FISMA, and FedRAMP.

KEY RESPONSIBILITIES:
  • Application Security & Vulnerability Management: You will identify, analyze, and neutralize critical vulnerabilities, logic flaws, insecure dependencies, and misconfigurations. You will also provide Tier II support for security operations and recommend continuous security enhancements.
  • Secure Architecture & APIs: You will integrate security controls into application architectures and APIs, advising on secure design patterns, data protection mechanisms, and secure communication protocols. You will evaluate and implement security controls for mobile device solutions and mobile-web interfaces.
  • DevSecOps & Automation: You will seamlessly integrate security controls throughout the CI/CD pipeline. You will leverage AI-assisted development tools (e.g., GitHub Copilot, OpenAI API/Codex) and scripting languages (Python, JavaScript/Node.js, Java, React.js, TypeScript) to automate security monitoring.
  • Monitoring & Incident Response: You will review and analyze web server and application logs to detect anomalies and indicators of compromise. You will deploy, tune, and maintain Web Application Firewalls (WAFs) tailored to custom applications. You will also configure and manage File Integrity Monitoring (FIM) solutions for web content directories.
  • Compliance & Governance: You will develop security metrics, manage compliance reporting, and audit systems against established security baselines. You will participate actively in risk assessments, audits, and security authorization processes.

Requirements

MANDATORY QUALIFICATIONS:
  • Bachelor's degree (or higher) in Computer Science, Cybersecurity, Information Systems, Engineering, or a related field is strictly required.
  • Minimum of 3 years of experience in Web Application Security, Application Security Engineering (AppSec), or secure software development life cycle (SSDLC).
  • Must have proven development experience with modern technologies including .NET (C# MVC, WCF), HTML5, CSS3, JavaScript, REST APIs, and SQL.
  • Strong understanding of the OWASP Top 10 is required.
  • Must hold at least one of the following current credentials: CSSLP, GWEB, CASE, OSWE, OSCP, Security+, or GSEC. Crucially, these certifications (or their equivalents) must have been maintained for a minimum of 5 years. Expired or professionally unused certifications will not be considered.

PREFERRED QUALIFICATIONS:
  • In-depth experience with the Federal authorization process (NIST SP 800-53, FISMA, FedRAMP).
  • Advanced knowledge of AWS cloud security and container security utilizing Docker and Kubernetes.
  • Proven background in designing resilient security architecture and threat modeling.

About the Company

O

Omm IT Solutions