Web Application Security Engineer (AppSec / DevSecOps)

Essnova Solutions, Inc.Washington, DC
Hybrid
Match Resume

About The Position

Essnova Solutions is seeking an experienced Web Application Security Engineer to support a federal customer by integrating security throughout the software development lifecycle (SDLC) and protecting enterprise web applications and APIs from evolving cyber threats. The ideal candidate has experience with application security, secure software development, vulnerability management, DevSecOps, and federal cybersecurity frameworks.

Requirements

  • Experience in Application Security (AppSec), Web Application Security, or Product Security.
  • Strong knowledge of secure software development practices and Secure SDLC.
  • Experience performing vulnerability assessments, threat modeling, and application security testing.
  • Knowledge of OWASP Top 10, common web application vulnerabilities, and remediation techniques.
  • Experience implementing or supporting Web Application Firewalls (WAF).
  • Experience integrating security into CI/CD pipelines and DevSecOps environments.
  • Familiarity with federal cybersecurity frameworks including NIST and FedRAMP.
  • Excellent analytical, troubleshooting, and communication skills.
  • Public Trust (Tier 2) clearance or the ability to obtain and maintain one.

Nice To Haves

  • Experience with SAST, DAST, Software Composition Analysis (SCA), or similar application security tools.
  • Experience with secure code reviews and developer security training.
  • Experience supporting cloud-native applications within AWS and/or Microsoft Azure.
  • Experience supporting federal government or highly regulated environments.
  • Relevant security certifications such as: CSSLP, OSCP, OSWE, GWEB, CASE, Security+, GSEC.

Responsibilities

  • Embed security throughout the Software Development Lifecycle (SDLC).
  • Perform web application vulnerability assessments, penetration support, and threat modeling activities.
  • Identify, prioritize, and remediate application security vulnerabilities.
  • Implement secure coding standards aligned with OWASP Top 10 and industry best practices.
  • Configure and maintain Web Application Firewalls (WAF) and application security controls.
  • Integrate application security tools into CI/CD pipelines and DevSecOps workflows.
  • Monitor application logs and investigate security events affecting web applications and APIs.
  • Collaborate with software developers, DevOps engineers, and cybersecurity teams to improve application security posture.
  • Support compliance with NIST, FISMA, FedRAMP, and other federal cybersecurity standards.
  • Develop security documentation, technical recommendations, and remediation guidance.

Benefits

  • Opportunities to work with modern cloud technologies
  • Opportunities to work with cybersecurity best practices
  • Opportunities to work with mission-critical systems

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume

What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Education Level

No Education Listed

Job Search Resources

Similar Web Application Security Engineer (AppSec / DevSecOps) job opportunities

🔥 New JobSr AWS Application Security Engineer, ADC AppSec
Amazon
Amazon • Arlington, VA1d • $178,400 - $226,700 • Onsite
🔥 New JobSecurity Engineer II, ADC AppSec
Amazon
Amazon • Arlington, VA1d • $159,300 - $202,400 • Onsite
Senior Offensive Security Engineer (AppSec)
webAI
webAI • Austin, TX13d
Senior Security Analyst- Application Security & DevSecOps
Software Mind Americas
Software Mind Americas7d • Remote
Senior AppSec Engineer
Leighton
Leighton8d
Staff AppSec Engineer
Upside
Upside • Washington, DC2d • $210,000 - $230,000 • Remote

Tools

Templates & Examples

Resources

Comparisons

Company

Over 4 Million Users
Free AI tools and resources to help you land your next job, faster
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service