Web Developer Security Engineer (AppSec / DevSecOps)
Omm IT Solutions•Washington, DC
•Hybrid
About The Position
We are seeking an elite Web Developer Security Engineer to serve as Key Personnel, playing a pivotal role in protecting mission-critical web applications, APIs, and sensitive data for the Client. The core objective of this role is to embed robust security principles proactively throughout the Software Development Life Cycle (SDLC). You will drive the end-to-end vulnerability lifecycle, leverage threat modeling and advanced assessments while ensuring compliance with Federal cybersecurity frameworks such as NIST SP 800-53, FISMA, and FedRAMP.
Requirements
- Bachelor's degree (or higher) in Computer Science, Cybersecurity, Information Systems, Engineering, or a related field is strictly required.
- Minimum of 3 years of experience in Web Application Security, Application Security Engineering (AppSec), or secure software development life cycle (SSDLC).
- Proven development experience with modern technologies including .NET (C# MVC, WCF), HTML5, CSS3, JavaScript, REST APIs, and SQL.
- Strong understanding of the OWASP Top 10 is required.
- Must hold at least one of the following current credentials: CSSLP, GWEB, CASE, OSWE, OSCP, Security+, or GSEC.
- Certifications (or their equivalents) must have been maintained for a minimum of 5 years. Expired or professionally unused certifications will not be considered.
Nice To Haves
- In-depth experience with the Federal authorization process (NIST SP 800-53, FISMA, FedRAMP).
- Advanced knowledge of AWS cloud security and container security utilizing Docker and Kubernetes.
- Proven background in designing resilient security architecture and threat modeling.
Responsibilities
- Identify, analyze, and neutralize critical vulnerabilities, logic flaws, insecure dependencies, and misconfigurations.
- Provide Tier II support for security operations and recommend continuous security enhancements.
- Integrate security controls into application architectures and APIs, advising on secure design patterns, data protection mechanisms, and secure communication protocols.
- Evaluate and implement security controls for mobile device solutions and mobile-web interfaces.
- Integrate security controls throughout the CI/CD pipeline.
- Leverage AI-assisted development tools (e.g., GitHub Copilot, OpenAI API/Codex) and scripting languages (Python, JavaScript/Node.js, Java, React.js, TypeScript) to automate security monitoring.
- Review and analyze web server and application logs to detect anomalies and indicators of compromise.
- Deploy, tune, and maintain Web Application Firewalls (WAFs) tailored to custom applications.
- Configure and manage File Integrity Monitoring (FIM) solutions for web content directories.
- Develop security metrics, manage compliance reporting, and audit systems against established security baselines.
- Participate actively in risk assessments, audits, and security authorization processes.
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
Upload and Match Resume
What This Job Offers
Job Type
Full-time
Career Level
Senior
