Web Application Security SME/Technical Lead

MBL Technologies
Bethesda, MD
Hybrid

About The Position

MBL Technologies, Inc. offers a diverse set of management and technology consulting services to Federal government and commercial markets. Our solutions are tailored to support each client’s mission, accounting for their unique needs and operating environments to ensure success. We bring the right people, capabilities, and expertise together to assist our clients with enabling their mission. Together our individual differences drive successful business results.

If you are transitioning from military to civilian life, have prior service, are a retired veteran, or a member of the National Guard or Reserves, or spouse of an active military service member, we encourage you to apply. Please visit our webpage for information on our policies and benefits for the military and veteran community.

Why Work with Us?

We trust, empower, and believe in our employees to soar to their fullest potential! We offer a robust benefits package (medical, dental, vision, STD, Accident, Life, Hospital Insurance, FSA, HSA, 401K match, professional development stipend, etc.). We love to have fun and give back to the community. Community Service and Employee Engagement events are atop our calendar events! We genuinely like each other and champion everyone to achieve their own greatness!

MBL Technologies is seeking a Web Application Security Subject-Matter Expert (SME) / Technical Lead to provide expert technical support and leadership for a federal cybersecurity program. The SME will lead efforts to identify, assess, and mitigate vulnerabilities across web-based systems and applications, ensuring the protection of mission-critical platforms and data from cyber threats. This role requires deep technical proficiency with web application architectures, security assessment tools, and vulnerability remediation practices, as well as the ability to mentor team members and collaborate with stakeholders across the federal enterprise.

This role is mostly remote; however, it will require occasional onsite meetings in the Bethesda, MD area, with no travel reimbursements allocated. This role is contingent on contract award.

Requirements

  • Demonstrated experience operating and managing web application vulnerability assessment tools (e.g., Burp Suite, Acunetix, Netsparker, Qualys WAS, or OWASP ZAP).
  • Strong technical understanding of web application platforms, languages, and frameworks, including Python, PHP, Java/JavaScript, C#, and SQL.
  • Proven ability to analyze and interpret vulnerability scan data, develop risk-based remediation plans, and track mitigation activities.
  • Experience developing reports, dashboards, and performance metrics for vulnerability management tracking and decision support.
  • Excellent analytical, communication, and collaboration skills, with the ability to interface effectively with both technical teams and senior leadership.

Nice To Haves

  • Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field (preferred).
  • Industry-recognized certifications such as CISSP, CSSLP, CEH, GWAPT, GWEB, or CompTIA Security+.
  • Experience securing federal web applications and familiarity with NIST SP 800-53, FISMA, and OWASP Top 10.
  • Familiarity with DevSecOps practices, CI/CD pipeline security integration, and cloud-based web application architectures (AWS, Azure, GCP).
  • Prior experience supporting federal cybersecurity operations or compliance-driven environments.

Responsibilities

  • Lead the design, implementation, and management of the agency’s web application security program, ensuring alignment with federal cybersecurity policies and frameworks.
  • Operate and maintain automated and manual web application vulnerability assessment tools to detect weaknesses such as misconfigurations, missing patches, insecure coding practices, and other security flaws.
  • Analyze, interpret, and validate scan results, providing actionable recommendations for remediation and risk reduction.
  • Develop and maintain custom scripts, test cases, or configurations to enhance application vulnerability detection and validation.
  • Coordinate vulnerability testing across production, staging, and development environments to ensure comprehensive security coverage.
  • Serve as the primary technical lead and subject-matter expert for web application security assessments, remediation planning, and vulnerability management strategies.
  • Collaborate with developers, system administrators, and cybersecurity operations teams to prioritize and remediate vulnerabilities efficiently.
  • Provide guidance on secure coding practices and assist in the development of security standards for web applications and APIs.
  • Prioritize findings based on exploitability, potential impact, and risk, ensuring that the most critical vulnerabilities are addressed first.
  • Develop and maintain content such as reports, dashboards, and data visualizations to communicate remediation status, risk trends, and vulnerability metrics.
  • Provide executive-level and technical reporting on web application security posture, remediation progress, and compliance status.
  • Identify systemic weaknesses and propose long-term improvements to enhance application security controls and processes.
  • Stay current with emerging web application threats, vulnerabilities, and mitigation technologies to continuously evolve program effectiveness.

Benefits

  • MBL Technologies offers a competitive salary adjusted for candidate qualifications partnered with an industry-leading benefits package. This package includes incentive plans with corporate and individual-based performance bonuses, 401K, PTO, remote work, health and wellness programs, employee discounts, and learning and development reimbursement.