Web Developer Security Engineer
Nationwide IT Services•DC, DC
•Hybrid
About The Position
Nationwide IT Services (NIS) is seeking a Web Developer Security Engineer to support application security initiatives across web applications, APIs, and the software development lifecycle (SDLC). The selected candidate will be responsible for secure application design, vulnerability management, DevSecOps integration, security monitoring, WAF administration, File Integrity Monitoring (FIM), and Tier II security operations support.
Requirements
- Minimum 3 years of experience in Application Security and Secure Software Development Lifecycle (SSDLC).
- Strong knowledge of web application security principles and OWASP Top 10 vulnerabilities.
- Experience managing the full vulnerability lifecycle, including threat modeling, security assessments, remediation, and validation.
- Experience with secure application design, architecture reviews, data protection, and secure communications.
- Hands-on experience with Web Application Firewall (WAF) deployment, configuration, and tuning.
- Experience with File Integrity Monitoring (FIM), log analysis, Indicators of Compromise (IOC) detection, and threat intelligence automation.
- Experience supporting Tier II Security Operations.
- Experience implementing DevSecOps practices and automated security controls within CI/CD pipelines.
- .NET Technologies: C#, ASP.NET MVC, WCF
- Front-End: HTML5, CSS3, JavaScript, React, TypeScript
- APIs & Databases: REST APIs, SQL
- Programming/Scripting: Python, Node.js, Java
- AI-Assisted Development Tools (e.g., GitHub Copilot)
- Security Tools: SIEM, IDS/IPS, NDR, EDR
- Cloud & Container Security: AWS, Docker, Kubernetes
- Experience supporting environments governed by NIST SP 800-53, FISMA, and FedRAMP.
- Experience participating in audits, security assessments, and authorization activities.
- Bachelor’s degree or higher in Computer Science, Cybersecurity, Information Systems, Engineering, or a related field.
- Application Security Certification: CSSLP, OR GIAC Web Application Penetration Tester (GWEB), OR CASE
- Offensive Security Certification: OSWE, OR OSCP
- Foundational Security Certification: Security+, OR GSEC
Nice To Haves
- Experience securing federal government applications and systems.
- Experience integrating security controls into modern CI/CD pipelines.
- Strong understanding of cloud-native and containerized application security.
Responsibilities
- Perform application security reviews and threat modeling.
- Conduct vulnerability assessments and oversee remediation efforts.
- Implement and maintain security controls within CI/CD pipelines.
- Configure and tune WAF and File Integrity Monitoring solutions.
- Analyze logs, investigate security events, and support incident response activities.
- Collaborate with development teams to ensure secure coding practices.
- Support compliance, audit, and security authorization requirements.
Benefits
- embracing remote work
- enhancing wellness initiatives
- investing in modern technology
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
Upload and Match Resume
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
