Application Security Tooling Admin [Journeyman] (Remote)

iWorks Corporation

6d•$110,000 - $135,000•Remote

About The Position

iWorks is seeking an Application Security Tooling Administrator to design, operate, and continuously improve a defense agency's application security (AppSec) scanning ecosystem across the software development life cycle (SDLC). This role will support Sonatype, Fortify, StackRox/Red Hat ACS, and Burp Suite tooling, integrating them into CI/CD pipelines and ensuring auditable, mission-ready security controls in regulated environments.

Requirements

Active Secret clearance
3+ years of experience in Application Security or DevSecOps (regulated environments)
Hands-on experience with AppSec tools: Sonatype, Fortify, StackRox/Red Hat ACS, and Burp Suite
Experience integrating security tools into CI/CD pipelines and automating workflows
Knowledge of Secure SDLC, OWASP Top 10, and application/container security concepts
Linux fundamentals, networking basics, and authentication (SSO/LDAP)
Familiarity with common development stacks (Java, .NET, Node.js, Python)
Experience with Oracle Cloud Infrastructure (OCI)
DoD 8570 IAT II certification (e.g., Security+)

Nice To Haves

DoD/IC experience with RMF, STIGs, and vulnerability management processes.
Experience with container registries/orchestration: Harbor, Artifactory, ECR, Kubernetes/OpenShift, Helm.
Integration experience with SIEM/SOAR and ticketing systems (Splunk, ServiceNow, Jira).
Additional certifications: CISSP, CSSLP, GIAC, Kubernetes security certifications.

Responsibilities

Deploy, configure, harden, and maintain Sonatype, Fortify, StackRox/Red Hat ACS, and Burp Suite in on-prem and cloud environments, including Oracle Cloud.
Manage tool upgrades, plugins, licensing, backup/restore, high availability, and disaster recovery.
Integrate AppSec tools into CI/CD pipelines (Jenkins, GitLab CI, etc.) with policy-based gating.
Standardize developer workflows with secure-by-default practices, reference templates, and pull request checks.
Define and tune scanning policies, reduce false positives/negatives, and maintain auditable vulnerability management workflows.
Provide actionable vulnerability findings with secure coding guidance and coordinate remediation with engineering teams.
Implement container/Kubernetes security measures, including image scanning, runtime detection, admission controls, and policy enforcement.
Produce metrics, dashboards, and compliance reports to support RMF/ATO requirements.
Participate in Agile project management and utilize Jira for workflow tracking.

Benefits

Medical, Dental, Vision, Life and Disability
401(k)
Health and Wellness Benefits
Paid Sick Time, Vacation Time, and Holiday Time
bonuses throughout the year as part of our incentive program for innovation and business development
annual raise, commensurate with performance and company commitment

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume